The drawback of validation at the client is that it depends on the user and his environment: the user can disable Java Script, and can willfully or passively circumvent the validation, and the client environment isn't usually managed or standardized by the developer of the web database application.
Server-side validation is usually performed in a middle-tier script and is the essential validation tool.
He is a Microsoft Certified Application Developer (MCAD), Microsoft Certified Solution Developer (MCSD) and a Microsoft Certified Trainer (MCT) who has been developing Microsoft Windows and Web-based solutions as well as training for over 12 years. Shannon lives in Glendale, AZ, and is married with two daughters and a son. Validating the information entered by users is an essential part of developing a professional Web-based user interface.
Otherwise, you are allowing attackers to repeatedly attack your application until they find a vulnerability that you haven't protected against.
Detecting attempts to find these weaknesses is a critical protection mechanism.
For example, if you use HTML entity encoding on user input before it is sent to a browser, it will prevent most XSS attacks.
However, simply preventing attacks is not enough - you must perform Intrusion Detection in your applications.