服务器端验证是必须，客户端验证是 plus .

Server-side validation is a must, client-side validation is a plus.

如果仅使用客户端验证，那么邪恶的人会入侵您的系统以发布未经验证的内容-破坏脚本并可能利用您的系统.从安全角度来看，这非常糟糕.

If you only use client-side validation, nefarious people will hack your system to post un-validated stuff - breaking your scripts, and potentially exploiting your system. This is very bad from a security standpoint.

也就是说，您还应该包括客户端验证，因为这比往返服务器的速度要快得多，并且可以为您的用户提供即时反馈.这样可以使您的用户满意，并使他们回到您的网站.

That said, you should also include client-side validation, since that's much quicker than a round trip to the server, and gives your users instant feedback. This'll keep your users happy, and will have them coming back to your site.

因此，如果可能，请同时使用.如果您不能/不愿意，那么至少可以在服务器端进行.仅客户端验证是灾难的根源！

So, if possible, use both. If you can't/won't, then at least do it server-side. Client-side-only validation is a recipe for disaster!