> >..., it's just that I have done lots of
> >client-side scripting, but zilch server-side, so I would have to start
> >from scratch.

> If you're ever going to do something that's beyond what comes "out of
> the box" you'll need to get involved with some server-side scripting.
> At some point you started from scratch on client-side, server-side's
> not really any harder (though debugging can be a pain in the ass),
> it's only different.

> Cleanup yes, control no.  If you don't always assume that every piece
> of data your server receives is absolute garbage sent by some hacker,
> you're likely to run into trouble whether you're asking for it or not.
> Any bad data you keep away from your server by depending on
> client-side scripting, I can put into it by sending the data directly
> to the server without ever running your client-side code.  Don't think
> that sending the data encrypted makes any difference, if you're
> depending on client-side validation your server may end up getting
> securely encrypted garbage.

> Client-side scripting is not the place to validate data beyond the
> aspect of issuing descriptive error messages to help the user.  You
> can pop up cute message boxes, help make things easier for the user,
> have some kind of mini-app that figures out the data for him, maybe
> helps with navigation, but all data still needs to be checked when it
> reaches the server.  Client-side scripting is front-end stuff,
> user-interface enhancements, the minute you start putting
> functionality into client-side that the server depends on, you're
> offering yourself up to every hacker on the planet.