In this book, form validation has been discussed several times, using different methods. The golden rule of validating any data received by a PHP page is to assume that it’s invalid until it passes the right tests indicating otherwise. At a bare minimum, you should
Use the superglobals (e.g., $_POST['name']) rather than the registered globals ($name).
Check text, password, and textarea form inputs for values using empty().
Check other form inputs for values using isset().
Check any form input by verifying that it has a positive length.
A better way to validate data is to see if it conforms to a certain type (like an integer), as will be covered shortly. An even more exacting method of form validation requires the use ...