Validating input

Given that "never trust user input" is the golden rule on the web, you should spend a good deal of time validating any input you receive, to make sure it is both safe and what you were expecting.

There are several things you should aim to catch when validating input:

  • Mistaken input. User types 1095 rather than 10.95.

  • Bad input. User purposefully provides incorrect input in an attempt to gain an advantage.

  • Dangerous input. User innocently enters information that would harm the system

  • Missing input. User provides no input.

When validating input, we have two choices: validate on the client side using a scripting language, or validate on the server side using PHP.
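
The four cases above, handled on the server side in one PHP function. This is an added example, not code from the original tutorial; the field names `price` and `name`, the `MAX_PRICE` limit and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example. Field names, limits and sample values are assumptions.
const MAX_PRICE = 500.00; // assumed upper bound for a plausible price

function validate_order(array $input): array
{
    $clean = $errors = [];
    // Missing input: field absent, empty, or not a plain string (e.g. price[]=1).
    foreach (['price', 'name'] as $field) {
        if (!isset($input[$field]) || !is_string($input[$field]) || trim($input[$field]) === '') {
            $errors[$field] = 'missing';
        }
    }
    if (!isset($errors['price'])) {
        $price = trim($input['price']);
        if (!preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $price)) {
            // Bad input: "-5", "1e3" and "10.955" all fail the allow-list pattern.
            $errors['price'] = 'not a valid amount';
        } elseif ((float) $price <= 0 || (float) $price > MAX_PRICE) {
            // Mistaken input: well formed but implausible, such as 1095 for 10.95.
            $errors['price'] = 'outside the expected range';
        } else {
            $clean['price'] = $price;
        }
    }
    if (!isset($errors['name'])) {
        $name = trim($input['name']);
        if (strlen($name) > 100) {
            $errors['name'] = 'too long';
        } else {
            // Dangerous input: "O'Reilly <b>" is a legitimate value, so keep it
            // as typed and escape it for the context where it is used.
            $clean['name'] = $name;
        }
    }
    return [$clean, $errors];
}

// Constructed sample submissions, one per case in the list above.
$samples = [
    ['price' => '1095', 'name' => 'Ann'],           // mistaken
    ['price' => '-5', 'name' => 'Bob'],             // bad
    ['price' => '10.95', 'name' => "O'Reilly <b>"], // dangerous
    ['name' => ''],                                 // missing
];
foreach ($samples as $sample) {
    [$clean, $errors] = validate_order($sample);
    // Escape at output time so the stored value is never interpreted as HTML.
    echo json_encode($errors), ' ', htmlspecialchars($clean['name'] ?? '', ENT_QUOTES, 'UTF-8'), "\n";
}
```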
