Input validation
As stated in the last chapter, we didn't validate data coming from input sources although we avoided SQL injection as we were using the PDO prepare() and bindValue() methods. It was because we only wrote code in the last chapter to understand and learn. Otherwise, not having input validation is not only inconvenient but also insecure for applications.
To apply validation, we can either use manual checks or write a validator where we can simply pass input parameters and check against particular rules. This type of validator is very convenient, but writing a good validator also takes time, so it is better to use an already present open source validator. As you can see, we tried to write a router and then found issues. These ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access