Php script for validating forms
Input Validation is the outer defensive perimeter for your web application.This perimeter protects the core business logic, processing and output generation.With more and more personal information being stored on the Web—credit card data, social security numbers, maiden names, favorite pets—today's PHP developer cannot afford to be ignorant when it comes to security.Sadly, most beginning programmers fail to understand the truth about security: there is no such thing as "secure" or "insecure." The wise programmer knows that the real question is a site is.You'll notice that we've used PHP to insert the form as the current page.That's because we are using the "redirect-after-POST" technique as illustrated here: This is explained in more detail in our CAPTCHA article.The important characteristics of a form handler is that it verifies that the required variables have been set, and that they have appropriate values.Remember to be thorough as this is your last (only real) line of defence against malicious scripts. Naming the button is useful in case there are multiple forms on the page. In reality we have special functions for validating email addresses and other data types - as will most Java Script libraries.
For example, you can have an input field that should not be empty, should be less than 25 chars and should be alpha-numeric. In some dynamically programmed pages, it may be required to change the validations in the form at run time.The first thing the form handler does is check that all the fields in our form, including the button, appear in the POST array. We also have more advanced functions for sending email.