Form validation is focussed towards the user input where as the security validations should be focused on how you use the data.
When you use the form data in an SQL query, it should be validated against SQL Injection.
The validations also help in lesser server side errors.
For example, if you have set length limit in the database for a text input, it is better to do the validation before it actually gets cut off by the database system or even getting an error thrown.
Then you can just check for ’emptiness’ : For dropdown lists, we are to set the ‘selected’ attribute for previously selected item.
Check box groups are great when you want to allow multiple options for a field. We need to validate that at least two options are selected.
Dropdown lists usually have one item labelled “Select…”.
One way to validate that the user selected something other than the default “Select …” item is to keep its value empty.
For example, if your form has a box for the user to type their email address, you might want your form handler to check that they've filled in their address before you deal with the rest of the form.
There are two main methods for validating forms: (usually done using Java Script).