Brandon Leichty25,418 Points
Input verification on front-end or backend (using Express)?
Hello Treehouse community,
I'm working on a little site that will take both a URL and a phone number and send a POST request with the information to an Express backend.
I could send a separate POST request for both the URL and the phone number, and then send a response based upon if the input is valid or not.
However, I'm wondering if it'd be better (or a best practice) to do the validation on the front-end outside of Express. That way I'd only have to send a single POST request with the URL and number.
Any thoughts would be greatly appreciated. Hopefully this makes sense. If you have any questions or need more validation on something, let me know.
Here's a little flow chart I put together that will hopefully make things clear:
Thank you so much!
Alexander La Bianca15,597 Points
It is generally recommended to do validation on both. However, it can vary on situation as well. From your diagram, are users only able to enter a phone number if the url is valid? Or can they enter a phone number before entering a url?
Stuart Wright41,034 Points
I'm not familiar with Express, but what I'm about to say applies to any web application regardless of language/framework:
You should always validate user inputs on the backend, even if you also do some frontend validation. Frontend validation is easy to bypass. There is no harm in including both - frontend validation can lead to a better user experience, as the user doesn't have to wait on a response from the server to tell them that their input is invalid, but it cannot be relied on as your only validation.