brotherhood_of_LAN - 2:34 am on Dec 13, 2011 (gmt 0)
Have to agree with Bill's stance, I cringe when I have to update someone's existing code and there's no sanitation of user input.
- You can't rely on client-side validation
- You can't rely on the user being a human
- Basically all your form data can be posted automatically
You need to validate the data before it gets to the database. If you create/buy cheap code without it, you'll suffer the headache sooner or later.