Clientsidevalidation On Forms Always Allows Server Calls ?

I’m trying to use client side validation on a form displayed with a CJuiDialog.

The widget is created as usual :

    $this->beginWidget('zii.widgets.jui.CJuiDialog', array(

        'id' => 'TPDialog',

        'options' => array('autoOpen' => false,'modal' => 'true'),


    echo $this->renderPartial('//thirdParty/_ajaxForm', array(

        'model' => new ThirdParty(),

        'action' => $this->createUrl('thirdParty/asyncCreate'),



So is the form :

    $form = $this->beginWidget('CActiveForm', array(

        'id' => 'third-party-form',

        'enableClientValidation' => true,


    echo $form->errorSummary($model);

    [here we renders the rows...]


    <div class="row buttons">

        <?php echo CHtml::submitButton('Go !'); ?>


    <?php $this->endWidget(); ?>

and in the related model object, validation rules are set to accept client side validation :

    public function rules() {

        return array(

            array('name', 'required', "enableClientValidation" => true),

            array('name', 'length', 'max' => 45),

            array('name', 'safe', 'on' => 'search'),



Now, I expect the client side validation to prevent any calls to the server as long as the form is not client side validated. Here, if my unique field ‘name’ is empty, I should see the error message and that’s all.

Unfortunately, the server is called all the time and the actionAsyncCreate() is always triggered, even if the field is empty.

What am I missing here ? :huh:

Hello Herode!

Maybe this can help you about what is going on. Reading the class reference about CActiveForm validation, says that:


Yep, I saw this note but I understood it in a slightly different way than the one you suggest. After me, what the docs are saying is : when it comes to save the object, server side validation is always triggered, even if the client input has already been validated by ajax or client script.

And this server side validation typically occurs when you save the object :

// CActiveRecord

    public function save($runValidation = true, $attributes = null) {

        if (!$runValidation || $this->validate($attributes))

            return $this->getIsNewRecord() ? $this->insert($attributes) : $this->update($attributes);


            return false;


That’s a good rule of course, because security matters.

Also, please note that the CActiveForm documentation states that :

Client side validation is meant to save requests to the server. It would be useless otherwise. That’s why I don’t expect the server to be called when the client side validation fails. Or am I misunderstanding something ?

Server-side validation is always performed to ensure the data validation! When the client side validation its true, through the CActiveForm.enableClientValidation, when you change focus on the form fields, its performed the validation against your model rules(). If you set the client validation to false, even if you have






the validation on client side its only done when you press the submit button and not when you change the focus on the form field. Imagine the user has the JS inactive… in some way, the validation needs to be performed. That’s why the server-side validation is always performed.

OK, that was the point I was missing : the validation occurs when the focus changes, not when you press the submit button !

Makes sense.

And that’s why I didn’t see it before : my form has a single field… :lol:

Thanks !