# Server-side validation

In the next task we will be performing validation on a web server using what we have discovered about regular expressions. However, you may be thinking that validation can be carried out client-side by the web browser. This is true but since the web browser is in the hands of the user we can not guarantee that it has not be modified in some way to bypass our validation, therefore we should always perform some validation on the server.

Another question this might have raised is if we are performing validation on the server anyway then why is a lot of validation carried out client-side? The answer is simple, it is far quickly and places less strain on the server if we can validate everything client-side but we must have a final check on the server to ensure what we are about to process is not going to cause problems for our application.

So both types of validation are important. However, we are going to focus on server-side validation as client-side would require us to learn some JavaScript which is beyond the scope of this tutorial.

## Simple form and processing script

To practice adding validation we will be used a pre-existing form and processing script and we will just add validation code to it. You can download the necessary code from our Regular Expressions Repository on GitHub.

If you are unsure about using GitHub then the video tutorial below explains how to download the code and amend it for this task.

Use the above video to add validation to a pre-existing form and script.

## User experience

Whilst we have managed to validate our form data successful in the previous task, the user experience is somewhat disappointing. It would be much better is the feedback was placed directly on the booking form. This would make it more obvious to the user what sections required changes. The video below demonstrates how to do this - this video is quite long:

Use the above video to make improvements to your booking form script so that the validation indicators appear on the form rather than on a separate page.

## Summary

In this section you have covered a lot of ground. You have been introduced to:

• Regular expression syntax
• Compact regular expressions
• Verbose regular expressions
• The re module in Python
• Validating form data on the server
• Creating a dynamically generated form with validation indicators

Remember, whilst we have used regular expressions a lot in this section, keep in mind that they are not always the best tool for the job. They are difficult to read for just about everybody and if simple string manipulation functions will do the same job then you should use those. Unless, of course, your string manipulation code is becoming difficult to understand - then maybe a regular expression will be easier to comprehend!

Finally, when validating your form data make use that you validate on the client-side as well. A combination of HTML5 validation features and JavaScript will save you from making too many round trips to your server.