Data from the client should never be trusted for the client has every possibility to tamper with the data.In many cases, Encoding has the potential to defuse attacks that rely on lack of input validation.He has been a featured speaker at many industry events including Microsoft Dev Days and the ASP. Shannon speaks and trains for companies such as App Dev ( and Learn It ( and has been a featured speaker in training videos with Learn Key. Data validation over the Web is performed in one of two locations: on the user's computer, or on the Web server.NET and Web Services Solutions conference produced by PRO. He has also worked with large corporate clients including Microsoft, Universal Studios, MGM Studios, Monster.com/Flip Dog.com, Intel, Polygram Pictures, Prudential, Micro Accounting Systems, Sky Harbor International Airport, and Southern Automated Systems on projects using Microsoft technologies such as Visual Fox Pro, Visual Studio. Most applications perform their data validation on the user's local computer.Remember to check out Tizag's HTML forms lesson if you need to brush up on your form knowledge.
However, simply preventing attacks is not enough - you must perform Intrusion Detection in your applications.
You can avoid these headaches once and for all with Java Script's amazing way to combat bad form data with a technique called "form validation".
The idea behind Java Script form validation is to provide a method to check the user entered information before they can even submit it.