Hi Ja, Validation is required before submitting a form to the server(database-mostly) to check for authenticity of certain things. Obviously when you say password cannot be empty, is it a point to send it the server? No. Then you must stop it before it reaches the server. This is client side validation. Now consider, I am trying to compromise someone's account and i send some info in the password. I need to check inthe DB if the info is correct or not. As this info is in the DB i need to do a server side validation.
Why, most importantly, we are talking about it because the sever side trip is expensive in terms of network bandwidth consumption(here which would be invalid request anyway-empty password request), connections and host of other things that are involved with the server side connections( sockets opening, etc-internal). So a server should be hit only when reqd. Thus most applications have a client side and a server side valdiation. Its a good practice also. [ November 09, 2006: Message edited by: RoshaniG Gopal ]
With regard to validation, it's important to understand that whether or not to do server-side validation is never a question. One must always do server-side validation.