The PHP Normal Form
How do you validate your form data? Using JavaScript? A second action-handler script? Maybe not at all, or only partially?
As explained in Chapter 4, data supplied by a user in a form submission or query should be treated as "contaminated" until it has been validated by your application. So you'd better check that input. But how to validate it?
JavaScript is one commonly used method. But JavaScript should never be the only validation method used—the user may have turned it off due to the security risks related to client-side scripting, or the browser may not even support it. In a worst- case scenario for your Web site users, you'll have to deal with disabled JavaScript capabilities. Because of the different implementations ...
Get Web Application Development with PHP 4.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
