In addition to Solutions 1-2:
I hope you will succeed in validation on the client part. But if you reasonably use some form and validated it, you should submit the form data to the server side, otherwise the use of the forms makes little to no sense. But then you need to understand that
client-side validation is absolutely insufficient if security is an issue. In case when security can be possibly compromised by the client data, the malicious artist can
easily, very easily bypass your validation.
So, you always need to validate/sanitize such data on server side. I explained what can happen in real life if you fail to do so, on just one real-life example, in my past answer:
unable to send mail , it showing the error in below code .[
^].
Please consider it as a serious
security warning.
—SA