Just to be clear, Ajas's use of validateat="onblur,onsubmit,onserver" does in fact do both client- and server-side validation, but no doubt the whole subject of validation (client and server-side) is indeed important and deserves careful scrutiny from a security perspective.
On a separate topic, I realize some don't like CF's validation (not saying this is Dean's issue here) and CFForm in general, but some may find that it's improved quite a bit over the years and has things they never realized (and which have nothing to do with Flash or Java). To that end, check out the 2-page article I did in my backpage column of the FAQU back in late 2007, which lists 11 bullet points highlighting those features: Tipical Charlie: CFFORM: Are You Sure You Want to Ignore It? http://www.carehart.org/articles/faqu_4_tips_cfform.pdf Hope that's helpful. /charlie -----Original Message----- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Thursday, February 12, 2009 11:08 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] weird cfinput vs input stuff. date is shown as {d '2009-02-12'} vs 02/12/2009 Plus its a completely useless client side check which needs to be repeated server-side as well if you want any assurance that validation was successful. -dhs ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------