I am going to raise a topic that you may already know, but which is not entirely clear to me (due to the amount of time I have been with the Laravel framework). I hope this topic can be discussed here:
It turns out that I am developing a website (admin panel) and I have a lot of drivers and files of my own, and I start asking questions: is it necessary to do validations with JavaScript and on the server side in the controller when sending data?
It turns out that I read somewhere (here, specifically) that it is necessary to validate in both ways for more security on the site, but here comes the other question: don't you think it will be a lot of code if I am only sending two inputs? From there, new questions arise regarding what I am doing:
- Is it necessary to do two types of validations for the number of fields sent?
- Is it a good practice?
- How safe is it for me to do this? Or doesn't it have to do with security?
- Is it for programmer convenience to do this?
I am currently doing validations in JavaScript and performing Form Request Validation, the latter only if there are more than three fields.
I sincerely hope that you can clarify some things for me since I still have time to make changes.
Short answer:
It is not necessary but it is ideal.
More detailed answers:
It is not necessary, but if you were to do only validation in the backend/Laravel (which is mandatory), you would be slightly going against the User Experience (UX), in which it is suggested to show an error message to the user as soon as possible or as early as possible. The latter is so that the user does not submit the form and have to wait (1, 2 or 3 seconds) for it to validate on the server side to obtain simple validation messages such as "This field is required" or "you can only enter digits".
Yes, without a doubt it is good practice to validate on the client and server side.
Security will always be relative and you will never have a 100% secure system. It also depends on what validation rules you implement and how you do it, but validating on the server side (Laravel), normally (and if you do it "right"), will help to filter and restrict a lot of little things that are tried by bots, dumb users and very skilled users.
I'm not sure I understand this question, but the "comfort" is in each programmer, and in the skill and experience they have when using a tool like Laravel and/or generating validations in the frontend. The validation of the information that is received has always been and will be a tedious issue, whether it is a form with 2 or 200 fields, so for some it will never be comfortable to do validation.
You can set it as follows:
Frontend validations communicate with the user and help in one of several cases, such as avoiding empty fields.
Backend-level validations specifically help, in a very simple way with Laravel, to avoid or warn about the size of a file, whether a record is duplicated, etc.
So it is not about double work, because by doing both validations you are helping both the user and the developer to prevent as many unexpected behaviors as possible.
Keep in mind that if you only work with server validations and return only the responses that MySQL gives, for example, in the event of an inconsistency, it is useful for you but not so much for the user.
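As an added illustration of the two answers above (not code from either poster, and not Laravel code): a small JavaScript simulation in which the same rules run in the browser for quick feedback and again on the server, which also performs the duplicate check that only it can do. The field names, messages and the `validate`, `clientSubmit` and `makeServer` helpers are assumptions made for the example.

```javascript
// Added example: hypothetical rules and field names, not from the original posts.
// One rule set, evaluated in the browser for fast feedback and again on the server.
const rules = {
  name:  [v => (typeof v === 'string' && v.trim() !== '') || 'This field is required'],
  phone: [v => (typeof v === 'string' && /^\d{7,15}$/.test(v)) || 'You can only enter digits'],
};

// Returns { field: message } for every failing field; an empty object means valid.
function validate(input) {
  const errors = {};
  for (const [field, checks] of Object.entries(rules)) {
    for (const check of checks) {
      const result = check(input[field]);
      if (result !== true) { errors[field] = result; break; }
    }
  }
  return errors;
}

// Browser side: UX only. A request sent directly to the server never runs this.
function clientSubmit(form, send) {
  const errors = validate(form);
  if (Object.keys(errors).length > 0) return { sent: false, errors };
  return { sent: true, response: send(form) };
}

// Server side: the real trust boundary. It re-validates every field and adds
// checks that need server state (here, a duplicate check on stored records).
function makeServer(existingPhones) {
  const stored = new Set(existingPhones);
  return function handle(body) {
    const errors = validate(body ?? {});
    if (!errors.phone && stored.has(body.phone)) errors.phone = 'This phone is already registered';
    if (Object.keys(errors).length > 0) return { status: 422, errors };
    stored.add(body.phone);
    return { status: 201 };
  };
}

// Constructed sample data.
const server = makeServer(['5550001111']);
console.log(clientSubmit({ name: '', phone: 'abc' }, server));           // stopped in the browser
console.log(server({ phone: '12ab' }));                                  // client check skipped: server rejects
console.log(clientSubmit({ name: 'Ana', phone: '5550001111' }, server)); // passes client, duplicate on server
console.log(clientSubmit({ name: 'Ana', phone: '5550002222' }, server)); // accepted
```

With only two inputs the server-side rules are still the ones that decide what gets stored; the browser copy only saves the user a round trip.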