Alright have fun but I'll leave you with a quick example. Let's say you have a database that stores JSON object (example: mongodb) and you have a form for inserting a task for a certain user
// let's say the JSON looks something like this
{
taskTitle: "My Task",
taskDescription: "Blah Blah Blah gotta clean my room",
taskPriority: "9001"
}
on both the client you might run a function like this (pseudo code)
// CLIENT CODE
// assuming that you've grabbed the information out of the html form
var cleanAndValidateTask = function(taskObject) {
// removes extra properties, limits character count,insures that each field has the right data type, strips out html, etc..
};
// this client side validation is techniquely not required but it limits bad requests to your server and gives feedback to the user faster
cleanAndValidateTask(theTask);
but before sending it to the server or on the server it will attach some information about whos currently logged in, and then on the server you would run something like this
// SERVER CODE
var cleanAndValidateTask = function(taskObject) {
// removes extra properties, limits character count, insures that each field has the right data type, strips out html, etc..
};
//using the same function that was on the client
cleanAndValidateTask(theTask);
checkIfUserIsOwnerOfTask(theTask, currentUser);
// finally is passed all checks, can now be inserted into the database
insertTask(theTask);