SPEAKER: Let's take a look at a web page via which a user might register for something. Here, in form-0.html, I have a number of input fields in a form for email, for passwords, and for agreement to terms and conditions followed by a Register button. 

The HTML for this page, meanwhile, looks like this. I have here the first input called Email, another input called Password, another input called Confirmation, which in theory, should match the password that the user typed the first time, and then here, in Input, whose type is checkbox, followed by lastly, the actual Submit button. 

Now, notice there's nothing in this web page that does any form of validation of my input. I could type anything or nothing at all for email, for passwords, and I could check or not check that box, it would seem. 

Now, there might very well be some server side validation, so to speak-- some error checking of what I do and don't provide. But at least client side, there's no code that we've seen that actually ensures that I cooperate. Indeed, if I go back to form-0.html in my browser and type nothing at all, I end up, I see, at [? register-0.php ?], passed in as each HTTP parameters, our email, password, and confirmation, but no values for any of those, even though the page itself jokingly says that I've registered.