Validation – Client or Server-side?

I used to be pretty fanatical about implementing both client and server-side validation, however recently, I have stopped bothering with client side error messages almost entirely. The conventional wisdom is that client-side validation is necessary because it:

  1. Gives your users instant feedback.
  2. Saves CPU cycles.
  3. Lowers bandwidth use.

While all of these things are true, it is also true that:

  1. Client-side validation adds coding and QA time to the development process.
  2. Large amounts of JavaScript (which are often required for validation frameworks) also use bandwidth.
  3. Thanks to CSS-P, pages can be small enough that reloading them doesn’t have to take as long as loading
  4. You have to do server-side validation in addition to client-side validation anyway since client-side validation can always be bypassed.
  5. JavaScript alerts can be alloying and less intuitive than well positioned, verbose server-side error messages.

In my experience, the amount of additional CPU cycles and bandwidth required to process requests with data that does not validate is really quite negligible (if it weren’t, I would say your app is not as user-friendly and intuitive as it should be). Additionally, I would personally rather reload a page and get clear instructions on exactly which fields need attention rather than instantly get something less helpful. DHTML solutions (which I have not experimented with extensively) may be a good compromise, but I think you would need to come up with a very solid framework to make the additional development costs such that they are practical since data must still also be validated on the server.

What are your thoughts on validation?