CF Muse Reader Asks: You suggest both client and server side should be used for validation.
Just to check - I should code so that js picks up the errors first using event code or onsubmit then let server side pick up the errors on submit using cfinput validate/required etc.
One additional approach provided by Coldfusion that some folks use is the "hidden variable" approach.
Client-side validation should be designed to catch user mistakes and notify them of the mistakes quickly.
Server-side validation ensures that the values receive constrain to your business logic rules and that they don't break your code. It's like the story of the fireman, who has pants and suspenders, sure the suspenders are nice, but if they fall and you have no belt, how will you hold your pants up?
So use client validation, it's great as a first step for validation..
But have the server side just in case, especially if you use it within queries or any other highly sensitive to ways to specify datatype's for incoming variables.
Using something like "service capture" by Kevin Langdon ( you can upack web service and AMA calls pretty handilly.
Doing it all on the client side in flex only amounts to security by obscurity.
Client-side validation basically just improves the UI for the user.
I'm a strong advocate of client-side validation, but I've also seen people spend to much time trying to bullet proof their client-side validation while ignoring server-side validation.
You should add client side validation to reduce round trips to the server and maximize the user experience but don't rely on it to keep your site safe or your data sound.