add footnote on Bootstrap docs' client-side validation suggestion

Author: Xronophobe

chapter_13_database_layer_validation.asciidoc

@@ -260,6 +260,20 @@ been passed an error variable, and if so, we do this:
 ((("form control classes (Bootstrap)")))
 Take a look at the https://getbootstrap.com/docs/5.3/forms/validation/#server-side[Bootstrap docs] for more
 info on form controls.
+footnote:[... and ignore their advice to prefer client-side validation.
+Ideally, having both server- and client-side validation is the best.
+If you can't do both, then server-side validation is the one you really can't do
+without.
+Check the
+https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html[OWASP checklist],
+if you are not convinced yet.
+Client-side validation will provide faster feedback on the UI, but
+https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html#client-side-vs-server-side-validation[it is not a security measure.]
+Server-side validation is indispensable for handling any input
+that gets processed by the server -- and it will also provide albeit slower,
+feedback for the client side.]
+
+
 // CSANAD: these are the new docs for Bootstrap, but for some reason they begin
 //         with saying "We recommend client-side validation" which is bad.
 // Client side validation is fine for faster UI aesthetics, sure. But they are