Back to blog
# Form Validation Best Practices for Better UX
Good form validation can make the difference between users completing your form or abandoning it in frustration. Here's how to implement validation that helps rather than hinders.
## Types of Validation
### Client-Side Validation
Immediate feedback as users type:
```javascript
// Real-time email validation
const validateEmail = (email) => {
const regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
return regex.test(email);
};
input.addEventListener('input', (e) => {
const isValid = validateEmail(e.target.value);
showValidationState(isValid);
});
```
**Pros:**
- Instant feedback
- No server round-trip
- Better user experience
**Cons:**
- Can be bypassed
- Not suitable for complex validation
- Requires JavaScript
### Server-Side Validation
Essential for security and data integrity:
```javascript
// Server validation endpoint
app.post('/api/validate', async (req, res) => {
const errors = [];
// Check email uniqueness
if (await emailExists(req.body.email)) {
errors.push({ field: 'email', message: 'Email already registered' });
}
// Validate against business rules
if (!isValidDomain(req.body.email)) {
errors.push({ field: 'email', message: 'Corporate email required' });
}
res.json({ valid: errors.length === 0, errors });
});
```
## Validation Timing
### On Blur vs On Submit
**On Blur**: Validate when user leaves field
- Good for individual field validation
- Allows immediate correction
- Can be annoying if too aggressive
**On Submit**: Validate entire form at once
- Less intrusive
- Shows all errors together
- User might need to scroll back
**Hybrid Approach** (Recommended):
1. Validate on blur after first submission attempt
2. Show success indicators for valid fields
3. Inline validation for critical fields (passwords, email)
## Error Message Best Practices
### Be Specific and Helpful
❌ Bad: "Invalid input"
✅ Good: "Please enter a valid email address (e.g., john@example.com)"
❌ Bad: "Password too weak"
✅ Good: "Password must be at least 8 characters and include a number"
### Show Context
```html
id="email"
aria-invalid="true"
aria-describedby="email-error"
/>
This email is already registered.
Log in instead?
```
## Accessibility Considerations
### ARIA Attributes
```html
aria-required="true"
aria-invalid="true"
aria-describedby="email-error email-hint"
/>
```
### Screen Reader Support
- Use `aria-live` regions for dynamic errors
- Provide clear error summaries
- Ensure keyboard navigation works
## Progressive Enhancement
Start with HTML5 validation:
```html
required
pattern="[^@]+@[^@]+\.[^@]+"
title="Please enter a valid email"
/>
```
Then enhance with JavaScript:
```javascript
if ('validity' in input) {
input.addEventListener('invalid', (e) => {
e.preventDefault();
showCustomError(e.target);
});
}
```
## Validation in Zapforms
Zapforms handles validation automatically:
1. **Built-in field types** with appropriate validation
2. **Custom validation rules** per field
3. **API-level validation** for submissions
4. **Spam protection** without CAPTCHAs
Configure validation in your form settings:
```javascript
const formConfig = {
fields: [
{
name: 'email',
type: 'email',
required: true,
validation: {
pattern: '^[^@]+@company\.com$',
message: 'Please use your company email'
}
}
]
};
```
## Performance Tips
1. **Debounce validation** for real-time checks
2. **Cache validation results** to avoid redundant checks
3. **Validate in parallel** when possible
4. **Use Web Workers** for complex validation
## Conclusion
Good validation is invisible when it works and helpful when it doesn't. Focus on helping users succeed rather than catching them making mistakes.
Remember: validation is a UX feature, not a security feature. Always validate on the server, regardless of client-side validation.
Best Practicesvalidationuxforms
Form Validation Best Practices for Better UX
Client-side vs server-side validation, real-time feedback, and accessibility considerations for modern web forms.
Engineering TeamJanuary 5, 20255 min
# Form Validation Best Practices for Better UX
Good form validation can make the difference between users completing your form or abandoning it in frustration. Here's how to implement validation that helps rather than hinders.
## Types of Validation
### Client-Side Validation
Immediate feedback as users type:
```javascript
// Real-time email validation
const validateEmail = (email) => {
const regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
return regex.test(email);
};
input.addEventListener('input', (e) => {
const isValid = validateEmail(e.target.value);
showValidationState(isValid);
});
```
**Pros:**
- Instant feedback
- No server round-trip
- Better user experience
**Cons:**
- Can be bypassed
- Not suitable for complex validation
- Requires JavaScript
### Server-Side Validation
Essential for security and data integrity:
```javascript
// Server validation endpoint
app.post('/api/validate', async (req, res) => {
const errors = [];
// Check email uniqueness
if (await emailExists(req.body.email)) {
errors.push({ field: 'email', message: 'Email already registered' });
}
// Validate against business rules
if (!isValidDomain(req.body.email)) {
errors.push({ field: 'email', message: 'Corporate email required' });
}
res.json({ valid: errors.length === 0, errors });
});
```
## Validation Timing
### On Blur vs On Submit
**On Blur**: Validate when user leaves field
- Good for individual field validation
- Allows immediate correction
- Can be annoying if too aggressive
**On Submit**: Validate entire form at once
- Less intrusive
- Shows all errors together
- User might need to scroll back
**Hybrid Approach** (Recommended):
1. Validate on blur after first submission attempt
2. Show success indicators for valid fields
3. Inline validation for critical fields (passwords, email)
## Error Message Best Practices
### Be Specific and Helpful
❌ Bad: "Invalid input"
✅ Good: "Please enter a valid email address (e.g., john@example.com)"
❌ Bad: "Password too weak"
✅ Good: "Password must be at least 8 characters and include a number"
### Show Context
```html
id="email"
aria-invalid="true"
aria-describedby="email-error"
/>
This email is already registered.
Log in instead?
```
## Accessibility Considerations
### ARIA Attributes
```html
aria-required="true"
aria-invalid="true"
aria-describedby="email-error email-hint"
/>
```
### Screen Reader Support
- Use `aria-live` regions for dynamic errors
- Provide clear error summaries
- Ensure keyboard navigation works
## Progressive Enhancement
Start with HTML5 validation:
```html
required
pattern="[^@]+@[^@]+\.[^@]+"
title="Please enter a valid email"
/>
```
Then enhance with JavaScript:
```javascript
if ('validity' in input) {
input.addEventListener('invalid', (e) => {
e.preventDefault();
showCustomError(e.target);
});
}
```
## Validation in Zapforms
Zapforms handles validation automatically:
1. **Built-in field types** with appropriate validation
2. **Custom validation rules** per field
3. **API-level validation** for submissions
4. **Spam protection** without CAPTCHAs
Configure validation in your form settings:
```javascript
const formConfig = {
fields: [
{
name: 'email',
type: 'email',
required: true,
validation: {
pattern: '^[^@]+@company\.com$',
message: 'Please use your company email'
}
}
]
};
```
## Performance Tips
1. **Debounce validation** for real-time checks
2. **Cache validation results** to avoid redundant checks
3. **Validate in parallel** when possible
4. **Use Web Workers** for complex validation
## Conclusion
Good validation is invisible when it works and helpful when it doesn't. Focus on helping users succeed rather than catching them making mistakes.
Remember: validation is a UX feature, not a security feature. Always validate on the server, regardless of client-side validation.