Hudzilla.org - the homepage of Paul Hudson

7.7 Validating input

This is NOT the latest copy of this book; click here for the latest version.

Given that "never trust user input" is the golden rule on the web, you should spend quite some time making sure you validate any input you receive to make sure it is safe and what you were expecting.

There are several things you should aim to catch when validating input:

Mistaken input. User types 1095 rather than 10.95
Bad input. User purposefully provides incorrect input in attempt to gain advantage
Dangerous input. User innocently enters information that would harm the system
Missing input. User provides no input.

When validating input, we have two choices: validate on the client side using a scripting language, or validate on the server side using PHP.

<< 7.6 Files sent through forms		7.7.1 Client-side validation >>
Table of Contents

Want to see this stuff in print? PHP in a Nutshell takes the core topics covered here, adds in thousands of edits from the editorial team and myself, and combines them to make an unbeatable reference for PHP programmers at all levels.

My latest book has hundreds more tips on how to use PHP, Apache, and MySQL, plus Perl, Python, shell scripts, performance tuning, and more!

tacdave@hotmail.com - 08 Sep 2008

hello

Add comment
Please note that by posting a comment here you are committing it to the public domain. This is important so that others can make use of your code themselves, and also so that I can incorporate helpful notes directly into the main text. Comments are limited to 2000 characters in length.

If you are reporting an error in the content, please tell me directly.