Given that "never trust user input" is the golden rule on the web, you should spend quite some time validating any input you receive, to make sure it is safe and is what you were expecting.
There are several things you should aim to catch when validating input:
Mistaken input: the user types 1095 rather than 10.95.
Bad input: the user purposefully provides incorrect input in an attempt to gain an advantage.
Dangerous input: the user innocently enters information that would harm the system.
Missing input: the user provides no input.
When validating input, we have two choices: validate on the client side using a scripting language, or validate on the server side using PHP.
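As an added illustration (not code from the original book), here is a server-side PHP check that catches each of the four kinds of input listed above. The form fields `price` and `name`, the accepted price range and the name allowlist are all assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Return a form field as a trimmed string; non-string values count as empty.
function field(array $input, string $key): string
{
    $value = $input[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Validate a hypothetical order form; an empty result means the input passed.
function validateOrder(array $input): array
{
    $errors = [];
    $price = field($input, 'price');
    $name  = field($input, 'name');

    if ($price === '') {
        $errors[] = 'price: missing';
    } elseif (!preg_match('/^\d{1,4}\.\d{2}$/', $price)) {
        // Mistaken input: "1095" has no decimal point, so it is not read as 10.95.
        $errors[] = 'price: expected a format like 10.95';
    } else {
        // Bad input: well-formed but outside the assumed range 0.01 to 500.00.
        $cents = (int) str_replace('.', '', $price);
        if ($cents < 1 || $cents > 50000) {
            $errors[] = 'price: out of range';
        }
    }

    if ($name === '') {
        $errors[] = 'name: missing';
    } elseif (!preg_match('/^\p{L}[\p{L} \'-]{0,63}$/u', $name)) {
        // Dangerous input: anything outside the allowlist (markup, control characters).
        $errors[] = 'name: contains characters that are not allowed';
    }

    return $errors;
}

// Constructed sample submissions, one per category plus a valid one.
$samples = [
    'valid'     => ['price' => '10.95',   'name' => "Mary O'Brien"],
    'mistaken'  => ['price' => '1095',    'name' => 'Mary'],
    'bad'       => ['price' => '9999.99', 'name' => 'Mary'],
    'dangerous' => ['price' => '10.95',   'name' => '<b>Mary</b>'],
    'missing'   => [],
];
foreach ($samples as $label => $input) {
    echo $label, ': ', implode('; ', validateOrder($input)) ?: 'ok', PHP_EOL;
}
```

The apostrophe in "O'Brien" is allowed because it is legitimate in names, so the code that later stores or displays the value still has to handle it safely.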
Copyright ©2015 Paul Hudson. Follow me: @twostraws.