Validating Forms
Security begins with the server's operating system and ends with the user interface. One very common and slippery issue is HTML forms. HTML forms are ubiquitous on the Web, particularly in more advanced Web applications. The security concern lies in the fact that the PHP page handling the form will do something with the information the user enters: store it in a database, pass it along to another page, or send an email. If the information the user enters is tainted, you could have a major problem on your hands. As a rule, do not trust the user! Mistakes can happen, either on purpose or by accident, that could reveal flaws in your code, cause the loss of data, or bring your entire system to a crashing halt.
This first code example ...
Get PHP Advanced for the World Wide Web: Visual QuickPro Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.