PHP and MySQL for Dynamic Web Sites: Visual Quickpro Guide, Second Edition by Larry Ullman

More Secure Form Validation

In this book, form validation has been discussed several times, using different methods. The golden rule of validating any data received by a PHP page is to assume that it’s invalid until it passes the right tests indicating otherwise. At a bare minimum, you should

  • Use the superglobals (e.g., $_POST['name']) rather than the registered globals ($name).

  • Check text, password, and textarea form inputs for values using empty().

  • Check other form inputs for values using isset().

  • Check any form input by verifying that it has a positive length.
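The minimum checks in the list above, as an added example that is not code from the book. The field names and the check_form() helper are hypothetical, and the sample arrays are constructed stand-ins for $_POST.

```php
<?php
// Added example: baseline presence checks. Field names are hypothetical.
// In a real page, call check_form($_POST).

/**
 * Returns a list of error messages; an empty list means every field
 * passed the minimum checks. Data is treated as invalid until each
 * test says otherwise.
 */
function check_form(array $post): array
{
    $errors = [];

    // Text, password and textarea inputs are always submitted: test with empty().
    foreach (['name', 'comments'] as $field) {
        if (empty($post[$field])) {
            $errors[] = "$field is required";
        }
    }

    // Radio buttons and checkboxes are absent when unchosen: test with isset().
    if (!isset($post['gender'])) {
        $errors[] = 'gender is required';
    }

    // Any input: positive length. Unlike empty(), this accepts the string "0".
    // The is_string() test rejects array input such as age[]=x.
    $age = $post['age'] ?? null;
    if (!is_string($age) || strlen(trim($age)) === 0) {
        $errors[] = 'age is required';
    }

    return $errors;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'complete'    => ['name' => 'Ada', 'comments' => 'Hi', 'gender' => 'F', 'age' => '0'],
    'blank name'  => ['name' => '', 'comments' => 'Hi', 'gender' => 'F', 'age' => '36'],
    'no radio'    => ['name' => 'Ada', 'comments' => 'Hi', 'age' => '36'],
    'array input' => ['name' => 'Ada', 'comments' => 'Hi', 'gender' => 'F', 'age' => ['x']],
];

foreach ($samples as $label => $post) {
    $errors = check_form($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', PHP_EOL;
}
```

The first sample passes with an age of "0" only because that field uses the length check; empty("0") is true, so the same value in a field tested with empty() would be reported as missing.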

A better way to validate data is to see if it conforms to a certain type (like an integer), as will be covered shortly. An even more exacting method of form validation requires the use ...
