The best point to validate length is at the time of input. Sure you can get around this, but specifying the MAXLENGTH attribute in your input tags will avoid casual submission of extra long data in text fields. Of course you always need to revalidate on the server side. Here is a snippet from the RFC on the input tag.

8.1.2.1. Text Field: INPUT TYPE=TEXT

The default value of the TYPE attribute is `TEXT', indicating a single
+ line text entry field. (Use the <TEXTAREA> element for multi- line t
+ext fields.) 

Required attributes are: 

NAME
name for the form field corresponding to this element. 
The optional attributes are: 

MAXLENGTH
constrains the number of characters that can be entered into a text in
+put field. If the value of MAXLENGTH is greater the the value of the 
+SIZE attribute, the field should scroll appropriately. The default nu
+mber of characters is unlimited. 

SIZE
specifies the amount of display space allocated to this input field ac
+cording to its type. The default depends on the user agent. 

VALUE
The initial value of the field.
 
For example: 

<p>Street Address: <input name=street><br>
Postal City code: <input name=city size=16 maxlength=16><br>
Zip Code: <input name=zip size=10 maxlength=10 value="99999-9999"><br>
[download]

Hope this helps

tachyon