Validating input
Given that "never trust user input" is the golden rule on the web, you should spend time validating every input you receive to confirm that it is both safe and what you were expecting.
There are several things you should aim to catch when validating input:
- Mistaken input. The user types 1095 rather than 10.95.
- Bad input. The user purposefully provides incorrect input in an attempt to gain an advantage.
- Dangerous input. The user innocently enters information that would harm the system.
- Missing input. The user provides no input.
When validating input, we have two choices: validate on the client side using a scripting language, or validate on the server side using PHP.
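The four categories above, handled on the server side in one function. This is an added example, not code from the original page; the form fields (price, comment), the price ceiling and the length limit are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original page. Field names and limits are assumptions.

const MAX_PRICE = 500.00;       // assumed plausibility ceiling for this shop
const MAX_COMMENT_BYTES = 500;  // assumed length limit

// Return a form field as a trimmed string; arrays (price[]=1) count as missing.
function field(array $input, string $name): string
{
    $value = $input[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

function validate_order(array $input): array
{
    $clean = [];
    $errors = [];

    $price = field($input, 'price');
    if ($price === '') {
        // Missing input.
        $errors['price'] = 'Price is required.';
    } elseif (!preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $price)) {
        // Bad input: negative amounts, exponents, trailing text and so on.
        $errors['price'] = 'Price must be a plain amount such as 10.95.';
    } elseif ((float) $price > MAX_PRICE) {
        // Mistaken input: well-formed but implausible (1095 for 10.95).
        $errors['price'] = 'Price is above the limit; check the decimal point.';
    } else {
        $clean['price'] = number_format((float) $price, 2, '.', '');
    }

    // Dangerous input: a comment such as "O'Brien <urgent>" is legitimate, so
    // it is length-checked here and escaped wherever it is used, not rejected.
    $comment = field($input, 'comment');
    if (strlen($comment) > MAX_COMMENT_BYTES) {
        $errors['comment'] = 'Comment is too long.';
    } else {
        $clean['comment'] = $comment;
    }

    return [$clean, $errors];
}

// Constructed sample submission standing in for $_POST.
[$clean, $errors] = validate_order(['price' => '1095', 'comment' => "O'Brien <urgent>"]);
print_r($errors);
// Escape at output time; use bound parameters when storing in a database.
echo htmlspecialchars($clean['comment'] ?? '', ENT_QUOTES, 'UTF-8'), "\n";
```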



Copyright 2012 Future Publishing Limited (company
registered number 2008885), a company registered
in England and Wales whose registered office is at
Beauford Court, 30 Monmouth Street, Bath, BA1 2BW, UK