As a full-time Web programmer, with a keen concern for security, it should be pointed out that Javascript or client-side validation, should only be the first of two validations. Rule 1 of form validation is "trust no input." Javascript can be hacked into submitting nefarious or "tainted" input to the server where the real damage can be done. All user input should be checked or "untainted" server-side as well, especially when that data is being stored in a database (as most forms do). Javascript is great for that quick feedback to the user upon submission, avoiding the trip to the server, but it should never be trusted as the final filter.