User input validation, client-side or server-side? [PHP/JS]

Question

Is it better to validate user input before it\'s sent to the server with JS or server side with PHP? Or maybe it\'s worth doing both just to be on the safe side?

I\'

Answer 1

Validation, ALWAYS server side. I can tamper with your form client-side and fill in crazy values and still get validated. I can't tamper with server-side scripts.

So when checking client-side, you're just saving a little time 'talking' with the server. Never use it to validate your data for real.