Validating user input in PHP
Let’s take a look at how you might receive user-controllable data: This is a pretty tricky subject, because if you’re too specific, you might reject perfectly valid data, but if you’re too permissive, you’ll get data that’s not useful.
In addition, there are two approaches to validating user input: inclusive and exclusive. Before you can protect yourself from unwanted data, injections, script crashes, and the like, you’d be smart to follow the next three steps to ensure that you understand the methods, data, and its applications.
After you’ve asked yourself those questions and thought about your data, you’ll have a good idea of where to start, but just knowing the concept won’t help you with implementation, so let’s take a closer look at each of these.
There are a lot of places a user can change your data, so the best way to look at it is this: if you’re using a piece of data that you did not create and are not in control of every step of the way, you need to validate it.
As a side note, filtering, validating, and escaping data are technically speaking three different things, but for simplicity’s sake, when I refer to validation, I’m really referring to some or all of those aspects.
There are exceptions to every rule, but now that you know what’s possible and how things are commonly utilized, you have the knowledge to take that and apply it to your own specific project.
If you have suggestions or questions, feel free to leave comments below.
I'm new to PHP and MySQL and I'm trying to check if a user has entered something into a couple of textboxes and to also check if what has been entered is a string.
Inclusive means that you specifically tell your application what is acceptable input, and exclusive lets you specify the kind of data you don’t want.
An inclusive example would be to say that you want a number greater than zero, but less than fifty. The exclusive version would state that a number less than zero or greater than fifty is unacceptable. A different example would be checking that a phone number consists of only digits, parentheses, or hyphens (inclusive) versus ensuring that the phone number doesn’t contain any letters or other symbols (exclusive).
Most of the time you’ll probably end up using a combination of the two, depending on whichever scenario is easier to test.
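The two approaches described above, side by side, as an added example that is not part of the original article. The function names are hypothetical, and the set of "other symbols" in the exclusive phone check is an assumption, since a deny-list has to enumerate what it rejects.

```php
<?php
declare(strict_types=1);

// Inclusive: state exactly what is acceptable.
// Only whole numbers greater than zero and less than fifty pass.
function quantityInclusive(string $raw): bool
{
    return filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 49]]) !== false;
}

// Exclusive: state only what is unacceptable (less than zero or greater
// than fifty). Anything the rule did not anticipate passes, including
// non-numeric text, because (float) 'abc' evaluates to 0.0.
function quantityExclusive(string $raw): bool
{
    $n = (float) $raw;
    return !($n < 0 || $n > 50);
}

// Inclusive: the whole string must be digits, parentheses, or hyphens.
function phoneInclusive(string $raw): bool
{
    return preg_match('/\A[0-9()\-]+\z/', $raw) === 1;
}

// Exclusive: reject letters and a hand-picked symbol list (assumed set).
// Characters missing from the list, such as '+' or a space, get through.
function phoneExclusive(string $raw): bool
{
    return preg_match('/[A-Za-z<>"\';&]/', $raw) !== 1;
}

// Constructed sample inputs, standing in for values read from $_POST.
$quantities = ['25', '0', '50', '49.5', 'abc', ''];
$phones     = ['(555)123-4567', '555-CALL', '555 1234', '555+1234', ''];

foreach ($quantities as $q) {
    printf("quantity %-8s inclusive=%-5s exclusive=%s\n", var_export($q, true),
        var_export(quantityInclusive($q), true), var_export(quantityExclusive($q), true));
}
foreach ($phones as $p) {
    printf("phone %-16s inclusive=%-5s exclusive=%s\n", var_export($p, true),
        var_export(phoneInclusive($p), true), var_export(phoneExclusive($p), true));
}
```

Every row where the two columns disagree is an input the exclusive rule did not anticipate, which is why the inclusive form is the safer default when it is practical to write.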
Here are several ways your data can be used and what the best practices are for working with such data: The purpose of this article was to give you an idea of the methods, data, and its application in systems.