
It cannot. Even if you use JavaScript to try to limit what the browser allows the user to do, anyone can send an HTTP request to your server with absolutely arbitrary content. Only your server can determine if the input is reasonable and legal.

However, sticking some extra protection on client-side can help users avoid accidentally sending bad data, or can help save a round trip to the server to find out if some data is going to be accepted or not.

I am not normally the kind of person who would criticise someone's hard work, but the vast majority of these 'recipes' contain significant flaws, or do essentially nothing, and are misleading at best.
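The point made in the comment above, as an added example that is not part of the thread: a server-side check that accepts what the form would send and rejects a hand-built request that ignores the form's limits. The field names (`name`, `age`, `plan`), the limits and the function name `validateSignup` are assumptions chosen for illustration.

```javascript
// Added example: server-side validation of a form post.
// Field names and limits are assumptions, not taken from the thread.
const ALLOWED_PLANS = new Set(["free", "pro"]);
const EXPECTED_FIELDS = ["name", "age", "plan"];
const MAX_BODY_BYTES = 2048;

// Validate a raw application/x-www-form-urlencoded body as the server receives it.
// Returns { ok: true, value } or { ok: false, errors }.
function validateSignup(rawBody) {
  if (typeof rawBody !== "string" || Buffer.byteLength(rawBody) > MAX_BODY_BYTES) {
    return { ok: false, errors: ["body missing or too large"] };
  }
  const params = new URLSearchParams(rawBody);
  const errors = [];

  // Reject unexpected or repeated fields instead of silently ignoring them.
  for (const key of new Set(params.keys())) {
    if (!EXPECTED_FIELDS.includes(key)) errors.push(`unexpected field: ${key}`);
    else if (params.getAll(key).length !== 1) errors.push(`repeated field: ${key}`);
  }
  for (const key of EXPECTED_FIELDS) {
    if (!params.has(key)) errors.push(`missing field: ${key}`);
  }
  if (errors.length) return { ok: false, errors };

  // The browser's maxlength, type=number and <select> options are re-checked here.
  const name = params.get("name").trim();
  if (!/^[\p{L}\p{N} .'-]{1,40}$/u.test(name)) errors.push("name: 1-40 letters, digits, spaces");

  const ageText = params.get("age");
  const age = /^\d{1,3}$/.test(ageText) ? Number(ageText) : NaN;
  if (!(age >= 13 && age <= 120)) errors.push("age: integer 13-120");

  const plan = params.get("plan");
  if (!ALLOWED_PLANS.has(plan)) errors.push("plan: not an offered option");

  return errors.length ? { ok: false, errors } : { ok: true, value: { name, age, plan } };
}

// Constructed inputs: what the form would send, and a request built by hand
// that never passed through the page's JavaScript or HTML constraints.
const fromForm = "name=Ada+Lovelace&age=36&plan=pro";
const handBuilt = "name=" + "A".repeat(500) + "&age=-1&plan=admin&role=root";
```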




Thanks!

Extra round trips -- yes, the page I send back to the user will not be 100% waste since that page gets to have another collection of ads. For the server load and Internet data rate, good news would be when I need more of those two!

In a sense, the round trip can help make the user interface (UI) easier for the user: The dialog can be really explicit and easy for nearly every candidate user in the world to understand immediately effortlessly. In contrast, an active UI based on a lot of JavaScript will look unique and need some thought, trials, and experience by the user. My UI is built with links, single line text boxes, and push buttons -- ancient controls billions of people understand. And the Web pages are in a hierarchy that people can understand easily because it is natural.

I'd likely prefer to minimize the JavaScript I send to a user and have my main software run only on the server side -- all in one place instead of distributed around!

You mentioned the issue of quality for software from someone else: Reasons I'm going with Microsoft are that (a) they actually do know how to write and document software tools and (b) everything my Web site is asking of those tools the tools have long since done successfully at thousands of Web sites.

While I've done a lot of programming, etc., this is my first Web site. Thanks!



