Is it necessary to use two types of validations in laravel?


I will present a topic that you may know, but for me it is not entirely clear ( for the amount of time I've been using the Laravel framework ), I hope this topic can be explained here:

It turns out that I am developing a sitio web (admin panel) and I have many controllers and files of the application and I start to ask questions,
¿Es necesario hacer validaciones con javascript y del lado de servidor en el controller la hora de enviar datos? .

It turns out that I read out there ( Here Specifically ) that it is necessary to validate the two ways for more security to the site, but here comes the other doubt, Do not you think it will be a lot of code if I'm just sending two inputs? , so from there new questions are born about what I'm doing:

  • Is it necessary to make two types of validations for the number of fields sent?
  • Is it a good practice?
  • How safe is it to do this? o Does not it have to do with security?
  • Is it for programmer convenience to do this?

I am currently doing validations in javascript and doing Form Request Validation this last only if they are more than three fields.


I sincerely hope that you can clarify some things to me since still   I'm in time to make changes.

asked by Sebastián Lagos Yañez 11.04.2018 в 16:48

2 answers


Short answer:

It is not necessary but it is ideal.

More detailed answers:


Is it necessary to do two types of validations for the number of fields sent?

It is not necessary, but if you did only validation in the backend / Laravel (which is mandatory), you would be going slightly against the User Experience (UX), in which it is suggested to show a message of error to the user as soon as possible as soon as possible . The latter in order that the user does not send the form and have to wait (1, 2 or 3 seconds) validating the server side to get simple validation messages like "This field is required" or "you can only enter digits".


Is it a good practice?

Yes, it is certainly good practice to validate on the client and server side.


How much security does this give me? o Does not it have to do with security?

Security will always be relative and you will never have a 100% secure system, it also depends what validation rules you implement and how you do it, but validate on the server side (Laravel), normally (and if you do it "right"), it will help to filter and restrict many little things bots try, silly users and very skilled users.


Is it for programmer convenience to do this?

I'm not sure I understand this question, but the "comfort" is in every programmer, and in the skill and experience you have when using a tool like Laravel and / or generate validations in the frontend. Validations of the information received have always been and will be a tedious issue, whether it is a form of 2 or 200 fields, so for some it will never be comfortable to make validations.

answered by 11.04.2018 / 17:01

You can set it as follows:

Frontend validations communicate with the user and help one of several cases, such as avoiding empty fields

Backend level validations help in a very simple way with laravel to avoid or warn about the size of a file, if a record is duplicated, etc.

So it's not about double work, since doing both validations is helping both the user and the developer to prevent as many unexpected behaviors as possible.

Keep in mind that if you only work with the server validations and you return only the answers given by MySQL, for example, if there is an inconsistency for you, it is useful but not so much for the user.

answered by 11.04.2018 в 17:08