Validating user input php
Often, people confuse form validations with form security.Form security (preventing exploits like SQL injection, XSS attacks etc ) are to be handled in addition to form validation.Tip: Use the global title attribute to describe the pattern to help the user.Tip: Learn more about regular expressions in our Java Script tutorial.
For example, if you have set length limit in the database for a text input, it is better to do the validation before it actually gets cut off by the database system or even getting an error thrown.Drop down lists or radio groups can be used for single selections and lists with multiple selections are not user friendly. As you have seen in the previous section, the values for the checkbox group come as an array. Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience.When we display the form back again, it should not loose the form data the user already had filled-in.So we have to display the value from the $_POST in the input value attribute.