this is a question that hasn't directly been asked yet..
I develop for a company which serves millions of web customers per year. Many of our web applications were written years ago (and with bad practice) that relies entirely on java-script for the pages to work, most notably web form validation.
Plus, adding in an opening and closing tag and a re-direct can be developed in 5 seconds whereas server validation requires a lot more time and money.
What're your thoughts??
What is the real advantage of server validation if we now have noscript besides the 1% of users who will just have to enable their scripting?
noscript tags. One thing not having server side validation is that it open up sql injection attacks as well.
Server validation cannot be disabled or bypassed by clients, whereas client side validation can.
to your client.
If it does, then you need server side validation asap, before someone attacks your site.