contact form vulnerable to SQL injections if no database is used?
The Contact Form Solution Pack uses both client side and server side validations. My question is, when the contact form is only used to email the user's info, and is not connected to a database, is the form still vulnerable in some way to SQL injections? Is that the purpose of the server side validations in this case, or are the server side validations just to ensure the form is completed before submission in the case of a users javascript being turned off thus disabling the spry client side validations?
thanks!