Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial


Matt Berry
Matt Berry
8,400 Points

Front vs. Back End

Is there a convention for deciding if a task should be preformed in the front or back end of a website? A simple example: If you want to convert a string to a number, you could use .to_i in Ruby or parseInt() in JavaScript.
Something this simple probably does not matter, but I'd appreciate an explanation that I could apply to more complicated scenarios. Thank you!

1 Answer

I'll give this a shot.

The front end is what the user experiences. It is a display of state, or a presentation of data as honey. We want the front end looking as slick and gorgeous as possible to attract the most users and keep them for as long as possible.

Changes to this state are sent to the server for validation and responded to with new data from the database - thus, updating or changing the state of the client. Client side validation is a convenience for the user, but not a substitute for server side validation. By using scripts to validate on the client, you can reduce the amount of HTTP requests to your server.

However, you will always need server side validation because, as a general rule, you can never trust user input. User input may be wrong as a result of mistakes, or wrong as a result of trying to execute arbitrary code and get a full dump of your SQL database.

To recap, parseInt can be used on the client for convenience to both you and the user, but it must be used on the server to protect against unauthorized access to your database. parseInt is just an example, but the more broader question is about validation, which I hope is now more clear.