More Secure Form Validation

In this book, form validation has been discussed several times, using different methods. The golden rule of validating any data received by a PHP page is to assume that it’s invalid until it passes the right tests indicating otherwise. At a bare minimum, you should

  • Use the superglobals (e.g., $_POST['name']) rather than the registered globals ($name).

  • Check text, password, and textarea form inputs for values using empty().

  • Check other form inputs for values using isset().

  • Check any form input by verifying that it has a positive length.

A better way to validate data is to see if it conforms to a certain type (like an integer), as will be covered shortly. An even more exacting method of form validation requires the use ...
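The checks listed above, applied together to one hypothetical registration form. This is an added example, not code from the book: the field names (`name`, `age`, `newsletter`), the error messages, and the sample submissions are all assumptions constructed for the illustration. It also shows the type check the paragraph above refers to, using PHP's `filter_var()` with `FILTER_VALIDATE_INT`, and notes one caveat of `empty()` that matters in practice: `empty('0')` is true, so a field whose legitimate value can be `0` needs a length check instead.

```php
<?php
// Added example (not from the book): validating a hypothetical registration
// form with the fields name, age, and newsletter. Assumes method="post", so
// the values arrive in the $_POST superglobal (never a registered global).

// Returns a list of error messages; an empty list means the data passed.
function validate_form(array $post): array
{
    $errors = [];

    // Text input: check for a value with empty().
    // Caveat: empty('0') is true in PHP, so a field whose valid value may be
    // "0" must use a strlen() check rather than empty().
    if (empty($post['name'])) {
        $errors[] = 'You forgot to enter your name.';
    } elseif (strlen(trim($post['name'])) === 0) {
        // Positive-length check after trim() catches whitespace-only input,
        // which empty() alone lets through.
        $errors[] = 'Your name must not be blank.';
    }

    // Non-text input (checkbox, radio, select): check presence with isset().
    if (!isset($post['newsletter'])) {
        $errors[] = 'Please choose whether to receive the newsletter.';
    }

    // Type conformance: age must actually be a whole number, not merely
    // non-empty. filter_var() returns false for anything that is not an
    // integer in the given range; "0" is accepted because 0 !== false.
    $age = isset($post['age'])
        ? filter_var($post['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]])
        : false;
    if ($age === false) {
        $errors[] = 'Age must be a non-negative whole number.';
    }

    return $errors;
}

// Constructed sample submissions standing in for $_POST.
$good = ['name' => 'Ada', 'age' => '36', 'newsletter' => 'yes'];
$bad  = ['name' => '   ', 'age' => '36abc'];

foreach (['good' => $good, 'bad' => $bad] as $label => $submission) {
    $errors = validate_form($submission);
    echo $label, ': ', count($errors) === 0 ? 'valid' : implode(' ', $errors), PHP_EOL;
}
```

In a real page the function would be called with `$_POST` once you have confirmed the form was submitted (for example, with `isset($_POST['submitted'])` on a hidden field), and the returned messages would be displayed alongside the redisplayed form rather than echoed.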
