角JS - 形式和投入 - 阿贾克斯VS客户端验证 [英] Angular js - form and inputs - ajax vs client side validation

问题描述

我不知道为什么我要验证在客户端的形式，而他们反正需要一个服务器端（ AJAX ）验证不被黑客入侵？

i'm wondering why i have to validate forms on client side while they anyway need a server side (ajax) validation for not being hacked?

是否有同时具有客户端和服务器端的任何利益（AJAX）表单验证？

IS there any benefit on having both client side and server side (ajax) form validations?

我的意思是他们做同样的事情，但阿贾克斯需要300毫秒和客户需要大概0毫秒，这是一个很好的理由，为什么做重复的验证？ ：P

另外，使用删除不需要来自客户端的js单个服务器端验证，我只看到有只AJAX验证，好处你呢？

Plus, using a single server side validation you remove not needed js from client side, i see only benefits in having only ajax validation, what about you?

如果我会去一个客户端验证，有一些方法/做法/逻辑遵循不重复的服务器端验证？只喜欢，如果客户端验证是确定的服务器执行的操作/请求？

If i'll go for a client side validation, is there some way/practice/logic to follow to not duplicate validation on server side ? Like ONLY if client side validation is ok server performs the action/request ?

其实我的逻辑是：

服务器+客户端验证
少请求 - >详细code（复制） - >更多的麻烦 - >更好的UX
服务器端验证（仅适用于阿贾克斯）
更多的请求 - >少code - >少麻烦 - ！？>大概相同UX

Server + Client side validation less requests -> more code (duplicated) -> more troubles -> better UX Server side validation (only ajax) more requests -> less code -> less troubles -> probably same UX !?

抱歉maccheronic英语ASD：D

Sorry for maccheronic english asd :D

推荐答案

您应该考虑客户端和服务器端验证的一个单独的工具来完成不同的目标。

You should be thinking of client-side and server-side validation a separate tools to accomplish separate goals.

这是你绝对应该在服务器端做验证的原因是因为是绝对没有$ P $从手工编辑JavaScript文件，以消除任何客户端验证pventing我。你根本不可能，即使你的code已经过压缩prevent和混淆（这两者都可以是未完成）。

The reason that you absolutely should be doing validation on the server side is because there is absolutely nothing preventing me from manually editing the Javascript files to remove any client-side validation. You simply can not prevent that, even if your code is minified and Obfuscated (both of which can be un-done).

的原因，客户端验证的很好的（但不是必要的，因为服务器端验证）是因为它实际上是帮助用户创造一个形式，将继续通过服务器端验证。 AngularJS可以轻松验证一个表单后的每一个关键preSS 的。这是从用户的角度真棒。想想那些形式那里是旁边密码领域的密码强度计，他说，需要实力，以通过验证蜜蜂好或更好。如果你做的每一个关键preSS后AJAX验证电话，你会按数量级增加你的服务器的负载。

The reason that client-side validation is nice (but not as necessary as server-side validation) is because it actually assists the user in creating a form that will proceed to pass server-side validation. AngularJS can easily validate a form after every keypress. That is awesome from a user perspective. Think of all of those forms where there is a "Password Strength" meter next to the password field, saying that the strength needs to bee good or better in order to pass validation. If you were to do an ajax validation call after every keypress, you would increase your server load by orders of magnitude.

的想法是，服务器端验证只会用户点击提交按钮之后发生。用户甚至认为关于击中提交按钮的时候，他们应该已经知道，它们的形式是要通过验证。

The idea is that server-side validation is only going to happen after the user hits the "Submit" button. By the time the user even thinks about hitting the "Submit" button, they should already know that their form is going to pass validation.

然而，让我们静下心来，你真正的问题：你想只有一次输入您的验证规则。太棒了！现在，你在想干的！唯一的问题是，这将需要使用的东西在后台自动生成您的客户端验证，这是很困难的。另一种可能是您的前端拨打电话到服务器，要求的规则，并教前端如何跨preT的响应。这将是一个附加的呼叫，但它应该是一个相对便宜的。所有这一切恩相当多的额外的工作，很遗憾。这可能是值得的，但是，如果你希望你的形式在不久的将来经常改变。能够改变它在一个地方，而不是两个是在这种情况下一个巨大的福音，可以是值得的额外花费时间的前期。

However, lets get down to your real problem: You want to enter your validation rules only once. That is awesome! Now you are thinking DRY! The only problem is that this would require using something in the back-end to automatically generate your client-side validation, which can be difficult. The alternative could be to have your front end make a call to the server, asking for the rules, and teach your front-end how to interpret the response. This would be an additional call, but it should be a relatively cheap one. All of this ex quite a bit of extra work, unfortunately. It may be worth it, however, if you expect your form to change frequently in the near future. Being able to change it in one place instead of two would be a huge boon in that situation, and may be worth the additional time spent up-front.

那么，客户端验证绝对需要？嗯，这要看情况。客户可以非常挑剔，所以如果这是真正适合你（银行账户申请表）产生的收入形式，那么你需要认识到，一些客户可能会关闭您的网页中，如果他们点击提交，看看他们的形成红色填满所有的地方。这是一个更好的经验，如果他们被告知的问题，因为它们发生，而不是一下子。

So, is Client side validation absolutely needed? Well, that depends. Customers can be very finicky, so if this is a form that actually generates revenue for you (bank account application form), then you need to realize that some customers might close out of your web-page if they click "submit" and see their form fill up with red all over the place. It is a much better experience if they are told the problems as they happen, rather than all at once.

然而，如果你正在创建一个最后期限内联网的应用程序，那么你可能需要看看优先事项，并做出判断调用;）

If, however, you are creating an intranet application on a deadline, then you may need to look at priorities and make a judgment call ;)

这篇关于角JS - 形式和投入 - 阿贾克斯VS客户端验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！