oppps , these things never came to my mind may be because this will be internal application and never accessed from outside our network but in general you are right..you you recommend client side and server side validation or just server side?
First, you need to decide at what point you want to validate. Customarily, validation happens at form submission time, but sometimes fields are validated as soon as the user tries to leave them.
Once you decide on that, you need to figure out how to handle the events that are triggered at those points.
Once you've got the event handling down, then it's time to go on to the next subject: grabbing and validating the data.
Sherif, Don't trust those internal users too much either. What happens if you have a disgruntled employee who decides to wreck the database? The fact that they could enter - say a SQL query - in your text field and run a delete would be a really bad thing.
Your handler is hard-coded to check a specific field. Most forms have many fields that need to be checked, and the only way to create a common handler would be to use the Event instance to discover the triggering component.
Sure, there are trivial cases where you may not run up against browser differences, but as soon as event handling needs to do anything of substance, those differences are right there in your face -- I have the lack of hair to prove it!