Where is the best way to filter user input?


Users can interfere with any piece of data transmitted between the client and the server, including request parameters, cookies, and HTTP headers. Where is the best way to filter user input, on the client side or in the server side ?

If the filtering happening on the client side, users can look at filter implementation and then it can easily circumvented. But what’s about the server side ?