The server-side is what's on the other side of the Web (as far as the user is concerned). The data collected from the user gets sent to the server usually either by hitting a submit button or in the background via AJAX techniques. Usually the form data interacts with a database, hence additional validation must occur.

While client-side validation reduces typical user errors, the client-side validation is designed to fight malicious attacks, especially SQL injection and cross-site scripting (XSS), since the hackers can skip the client-side form. SQL injection is where a hacker tries to insert their hacked code into requests received by the server. XSS is where a hacker tries to insert hacked code into code that is received by the user. At the worst, SQL injection could give a hacker total control of the server, but stealing or modifying data is also possible. XSS is often achieved through SQL injection, and the effect is usually such that the user thinks they are going to a site from the server, when they are actually going to a hacker's. There are other security affects possible such as spam and denial of service attacks.

Server-side form handling is similar to client-side form handling:

Page Modified: (Hand noted: ) (Auto noted: )