How do you avoid duplication of validation on the server and client-side? Is there a web programming platform that generates one from the other, so I don't have to keep the two in sync?

There are frameworks that can generate the client-side validation from serverside validation configuration.

Now I don't know what language or frameworks you are using, but maybe this article can be of help: http://www.emadibrahim.com/2008/09/08/client-server-side-validation-in-aspnet-mvc/

He's using Castle Validator Component together with JQuery and adds some glue to generate the clientside validation based on the serverside validation attributes. It's for asp.net mvc.

/Asger

Most forsake client side scripting and just do server side nowadays. You can use ajax when sending the post, so that the response is a bit lighter weight than reloading the whole page.

Server-side validation is required simply because client-side validation can be disabled.

Client-side validation isn't required, but it makes your application more responsive during error handling, as you no longer need to do a form submit to the server and wait for the resulting page to come back.

A well-designed application uses both.

As a side note, Ajax can be used for certain kinds of validation, such as checking for duplicate usernames on a user registration form. However, basic validation, such as checking if a field contains only numbers, should be done without it.

As others mentioned, you should keep the duplication, as the client-side validation is to help the application react sooner to help the user, but, the real validation is on the server-side, as you should never trust anything passed in until it has been validated. You will probably do more extensive validation on the server-side, esp if there is a need to check against a data source, for example, is the username unique would be on the server-side, but is the username long enough, or an email address, could be done on the client-side, and server-side.

I tend to put in comments when there is duplication, especially if I am using a regular expression, to make certain that what changes in one is changed in another.

Good unit tests will help to ensure that these two will always remain in sync.

I think the best way is to use a component that offers both. Their code has been tested, and you don't need to maintain it. I have used Peter Blum's controls in the past with great success. Other than that I think you will have to maintain two code bases if you want to offer both. There is a tool called Script# which can help compile C# to Javascript (it does a translation, not a real compilation), but I am not sure how great it would work for this situation.

It's best to do validation on the server side in most cases. You have many different options to make this easier such as Ajax or using sticky forms in PHP. I personally tend to do validation on the server side because the user has the option to turn off JavaScript and they can't turn off validation on the server.....

What you can do is have the server-side validation logic being run by web services that your client-side validation can call via AJAX and also when you post back to your server.

Asp.net Version 1 had validator controls to do what you are asking

http://msdn.microsoft.com/en-us/library/yb52a4x0.aspx