Before I go further, let me say that client side validation (and other client-side functionality) has its place. In many cases, it can make the user experience better by providing faster response than submitting the form to the server, and it can do things that the programmer thinks are helpful, like updating other fields as values are selected or entered. (Another pitfall is the programmer doing things that they think are helpful, without any consideration for the users that find the same thing very unhelpful, and weren’t given a way to disable the behavior, but that’s an article for another day)
However, because it can be easily bypassed, it is of absolutely no use for guaranteeing that the form submission meets certain criteria. The only place that can be done is on the server side, where the programmer has complete control over the data and the validation performed on it.
I hope this isn’t perceived as a rant, diatribe, or flame.I’m just trying to help people not to make the same mistake that so many people have already made (and in many cases, are still making).
– Mac Newbold