However, in the example above, all input fields are optional.
Input Validation is the outer defensive perimeter for your web application.
These pages will show how to process PHP forms with security in mind.
Be aware of that any Java Script code can be added inside the - this would not be executed, because it would be saved as HTML escaped code, like this: <script>location.href(' The code is now safe to be displayed on a page or inside an e-mail.
We will also do two more things when the user submits the form: The next step is to create a function that will do all the checking for us (which is much more convenient than writing the same code over and over again). Now, we can check each $_POST variable with the test_input() function, and the script looks like this: Notice that at the start of the script, we check whether the form has been submitted using $_SERVER["REQUEST_METHOD"].
This approach is also possible in Web Logic Workshop.
In addition, server-side validation checks the user input on the server side.
Detecting attempts to find these weaknesses is a critical protection mechanism.