> This is more than just a nice feature - it's architecturally very > important that web applications always have client-side > validation as a subset of server-side validation (maybe equals, > but never ever more); so it's dangerous to let people get in > the habit of separately adding client-side validation in case they > start thinking "hey, I already validated on the client, I can > save time and not re-validate on the server".
Yes, client-side validation in a webapp is always no more than a feature and business logic must never rely on it. That's what I always preach, too. Even more. Serious validation has (at least) 3 phases: 1. client side: not too complex (e.g. required field, numeric, valid date) 2. server side presentation tier: same as client side, just to guard against client validation failures 3. business logic tier: complex validation, e.g. "Is the data consistent with what the user entered in a previous form?" or "Is the entered number really a prime" - may be difficult both in client javascript and BL if it is a really big num ;-) Manfred
