I have a lecturer at my Uni that is taking us for 'E-Commerce'. This lecture is teaching us to validate data on the client side using java-script. I want to raise that validation should be done on the server side so we shouldn't be learning this as java-script can de-enabled and 10% browsers dont have java-script enabled (W3C, 2005).
Is there any other reasons that she be teaching us client side validation using java-script? I want a strong case to backup my claim.
James Carman, President<br />Carman Consulting, Inc.
Most importantly, not doing server side validation is a security risk. Not only can client side validation be turned off, it can be spoofed. I can simply write an HTML page that posts to the server with invalid data; or more importantly malicious data, but with any "isValid" flag set to true. Like Gregg says, do Both.