1) NEVER trust data submitted from the client