A Case for Form Validation

Whenever an application receives a request, 0:00 it is important that we ensure that the request is valid. 0:02 This comes in many forms. 0:06 The web server will ensure that the HTTP request was crafted 0:07 in a way that constitutes valid HTTP. 0:11 In the future, we'll ensure that the requestor has a right to make changes. 0:14 For example, we might validate that the requester is a currently logged in user. 0:18 But here, what we want to validate is that each piece of information that is inserted 0:23 is in the correct format. 0:28 For example, for adding a category, we might want to ensure that a category name 0:29 never exceeds 15 characters and is at these 3 characters in length. 0:34 Even more, we'd want to make sure a category name was provided at all. 0:39 This whole process is called data validation and 0:43 is part of every modern stable application. 0:46 Whether or not it's a web app and whether or not it's written in Java. 0:49 In the context of a web application, two forms of validation exist, 0:53 client side and server side. 0:58 Client side validation is written in JavaScript. 1:00 This allows for immediate feedback before an HTTP request is ever sent 1:03 upon clicking a form submit button. 1:08 That is, the browser displays an error without the server 1:11 ever having to check it. 1:14 Server side validation happens on the server. 1:16 And in our case, would be written using Java code. 1:19 Now, regardless of whether or not your application has client side validation for 1:22 sufficient security, you should always include server side validation. 1:26 Let me repeat that. 1:31 Your web application should always include server side validation. 1:33 This ensures that data that reaches the web server is indeed valid. 1:37 This prevents malicious and 1:42 nonsensical data from being planted into your database or on your web server. 1:44 Remember, even though you intend for users to interact with your web application 1:49 through a browser, as you saw in HTTP Basics. 1:53 You can reach a web server simply with programs like Telnet. 1:57 In this case, there's no client side validation since the validation 2:01 would have been written for a browser. 2:05 The user has cut out the browser with Telnet and 2:07 has therefore, cut out your client side validation as well. 2:10 Okay, you get it. 2:14 Always include service side validation. 2:15 Next, we'll look at exactly how we add that to our Spring app 2:17