You have a growing set of functional scripts. You have some web pages that interact with them, CSS to style both your HTML static pages and the HTML that your scripts dish out, and you could (and should) go in and add some client-side JavaScript validation. Things are looking pretty good.

But there’s a monster lurking in the deep. Even though you’ve occasionally added a die or a conditional to ensure that your queries return a result row, your code really assumes the perfect user: one who always types exactly what you expect, never enters a phone number in the email field or spaces in the Facebook URL field; someone who never needs to go back—and in fact never clicks her browser’s Back button at an inopportune time—and never enters her information into the same form twice by furiously clicking “Add my information” instead of waiting on her lousy Internet connection.

Of course, if you start thinking about your friends and family, you probably don’t know a lot of those types of users. And that’s a problem…a big problem. The reality of web software—and in fact any type of software—is that people will always find ways to break your best-intended pages, forms, and scripts. They’ll supply you bad information, leave out required fields, and make a general mess of anything and everything.