I've got my first registration project coming up within the next couple of weeks. Writing the actual registration code coupled with an automatic e-mail, subsequent comprehensive registration-and-payment-form page, and numerous insert and update scripts for my registered users' dashboard may take me a few days. At the moment, I'm still structuring the tables for a fairly complex site. According to everything I've learned over the last two years, both is best. JS for speed and client convenience only. Server-side validation for your (and your user's) protection. As I understand it, a monkey could get around js validation. I'm going to try to have the equivalent of three feet of titanium/high carbon tungsten steel alloy protecting my dbases. Actually my registered users will only be allowed to insert and update (via forms) to a "holding" dbase and I'm going to review all material for content before dumping it into the real McCoy myself.