The client side validation has a number of features: In order to use validators effectively, it helps to have a firm definition of what they are.
Another element in our solution is the Validation Summary control.
This is very important, since this code WILL be reached if the clientside validation is not used, for some reason.
Once it comes to serverside validation, it's your job to make sure that no sensitive code is executed unless you want it to.
Most Web sites do all of their validation checks on the server.
You need to write the server-based checks anyway for clients without script, so it can be hard to justify writing it all over again for rich clients.