posted 14 years ago
Server-side validations are required even *with* client-side validation: users may have JavaScript turned off, a malicious (or simply curious) user may hand-craft requests either in the browser's URL bar or via some other means, and so on. *Any* data received by the server must be validated.