Validating input

Given that "never trust user input" is the golden rule on the web, you should spend time validating every input you receive to make sure it is safe and is what you were expecting.

There are several things you should aim to catch when validating input:

  • Mistaken input. The user types 1095 rather than 10.95.

  • Bad input. The user purposefully provides incorrect input in an attempt to gain an advantage.

  • Dangerous input. The user innocently enters information that would harm the system.

  • Missing input. The user provides no input.

When validating input, we have two choices: validate on the client side using a scripting language, or validate on the server side using PHP.
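
A server-side check that treats each of the four cases above differently might look like the following. This is an added example, not code from the original chapter; the form fields (`name`, `price`), the limits and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical limits and field names, chosen for this example.
const MAX_PRICE = 500.00;
const MAX_NAME_LENGTH = 60;

// Returns [clean values, errors keyed by field] for an "add product" form.
function validate_product(array $input): array
{
    $clean = [];
    $errors = [];
    // Missing input: field absent, not a string, or only whitespace.
    foreach (['name', 'price'] as $field) {
        if (!isset($input[$field]) || !is_string($input[$field]) || trim($input[$field]) === '') {
            $errors[$field] = 'required';
        }
    }

    if (!isset($errors['price'])) {
        $price = trim($input['price']);
        if (!preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $price) || (float) $price <= 0) {
            // Bad input: "-5", "1e3" and "10.95abc" are not prices.
            $errors['price'] = 'not a valid price';
        } elseif ((float) $price > MAX_PRICE) {
            // Mistaken input: "1095" is well-formed but implausible.
            $errors['price'] = 'unusually high, please confirm';
        } else {
            $clean['price'] = (float) $price;
        }
    }
    if (!isset($errors['name'])) {
        $name = trim($input['name']);
        if (strlen($name) > MAX_NAME_LENGTH || preg_match('/[\x00-\x1F\x7F]/', $name)) {
            $errors['name'] = 'too long or contains control characters';
        } else {
            // Dangerous input: "O'Reilly <b>mug</b>" may be innocent, so it is
            // stored as typed and must be escaped wherever it is later used.
            $clean['name'] = $name;
        }
    }
    return [$clean, $errors];
}

// Constructed sample submissions, one per case in the list above.
$samples = [['name' => "O'Reilly <b>mug</b>", 'price' => '10.95'], ['name' => 'Mug', 'price' => '1095'],
            ['name' => 'Mug', 'price' => '-5'], ['price' => '']];
foreach ($samples as $sample) {
    [$clean, $errors] = validate_product($sample);
    echo json_encode(['clean' => $clean, 'errors' => $errors]), "\n";
}
```

Run from the command line, it prints one JSON line per submission; in a web page the stored name would go through `htmlspecialchars()` on output and a bound parameter in any SQL query.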

 


Copyright ©2015 Paul Hudson. Follow me: @twostraws.