- The first thing to do in order to prevent injection attacks is to properly validate inputs. On the server side, this can be done by writing your own validation routines, although the best option is using the language's own validation routines, as they are more widely used and tested. A good example is filter_var in PHP or the validation helper in ASP.NET. For example, an email validation in PHP would look similar to this:
function isValidEmail($email){
return filter_var($email, FILTER_VALIDATE_EMAIL);
}
- On the client side, validation can be achieved by creating JavaScript validation functions, using regular expressions. For example, an email validation routine would be as follows:
function isValidEmail (input) { var result=false; ...