This chapter covers the concept of input validation and shows you practical ways to sanitize the data coming into your application. If you learn only one thing from this book, let it be this: If you sanitize each and every piece of data that comes into your application, you will prevent a lot of the most common types of attacks.
So far we’ve kept things simple and allowed only one input field in the guestbook—a text area for comments. In this chapter, we’re going to give visitors the capability to enter their names as well.
Let’s take a look at the new feature code:
<?php
// Create user interface
$html = beginHtml();
$html .= "Please enter your comment here: ";
...
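As an added example (not the book's guestbook code), the following shows one way to validate the new name field with a whitelist before storing it and to encode it again when it is displayed; the `$_POST` field name, the length limit and the sample inputs are assumptions.

```php
<?php
// Added example, not the book's code: validate the new "name" field of the
// guestbook on the way in and encode it on the way out.
// Assumes the form posts the visitor name as $_POST['name'].

const NAME_MAX_LEN = 40; // assumed limit

/**
 * Return a cleaned visitor name, or null if the input is not acceptable.
 * Whitelist approach: only letters (any language), spaces, hyphens and
 * apostrophes, trimmed and bounded in length. Anything else is rejected
 * rather than silently "fixed", so the caller can show an error.
 */
function validateName(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > NAME_MAX_LEN) {
        return null;
    }
    // \p{L} matches any Unicode letter; the /u flag makes the pattern
    // UTF-8 aware and also rejects malformed byte sequences.
    if (!preg_match("/^[\p{L} '\-]+$/u", $name)) {
        return null;
    }
    // Collapse runs of whitespace so stored names stay consistent.
    return preg_replace('/\s+/u', ' ', $name);
}

/**
 * Encode a value for inclusion in HTML. Validating input does not replace
 * encoding output: both steps are needed.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['name'].
$samples = [
    "Mary O'Connor",          // accepted
    '  Jean-Luc   Picard ',   // accepted after trim and space collapse
    'Bob <b>bold</b>',        // rejected: angle brackets are not whitelisted
    str_repeat('a', 41),      // rejected: longer than NAME_MAX_LEN
];

foreach ($samples as $raw) {
    $clean = validateName($raw);
    echo $clean === null
        ? 'Rejected: ' . escapeHtml($raw) . "\n"
        : 'Accepted: ' . escapeHtml($clean) . "\n";
}
```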