The PHP Normal Form

How do you validate your form data? Using JavaScript? A second action-handler script? Maybe not at all, or only partially?

As explained in Chapter 4, data supplied by a user in a form submission or query should be treated as "contaminated" until it has been validated by your application. So you'd better check that input. But how to validate it?

JavaScript is one commonly used method. But JavaScript should never be the only validation method used—the user may have turned it off due to the security risks related to client-side scripting, or the browser may not even support it. In a worst- case scenario for your Web site users, you'll have to deal with disabled JavaScript capabilities. Because of the different implementations ...

Get Web Application Development with PHP 4.0 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.