Very first we have to create a form in html setting action “#” and method “POST” with some fields, when a user clicks on submit button all the data starts travel in URL but it will be hidden, as we set method = “POST”.
Such code can now do no harm and is safe to be displayed on a page or inside an e-mail. if quotes are escaped with a slash \ let's remove that.
Sure, it may not look nice and tell you someone has been trying to mess with your script, but the important thing is he/she had failed! If you know exactly what kind of data to expect you can make further steps to ensure the user has entered what you want. Instead of writing the same code over and over again we can create a function that will do all the checking for us.
The validations also help in lesser server side errors.
For example, if you have set length limit in the database for a text input, it is better to do the validation before it actually gets cut off by the database system or even getting an error thrown.
What is the the most convenient way, the "best" way for validate a form with PHP? Because, more special characters can use the person when compile the password input during the registration, more secure is his account.
by storing PWs as hashes, someone who hacks your user table will see a bunch of hashes that wont work when entered into PW field.
We will cover a few samples like validating e-mail address and URLs later. Here we will name it check_input and simply call this function whenever we need to validate simple input data: Note the check_input function at the bottom.
What it does is takes the data passed to the function, strips unwanted characters (extra space, tab, newline) from the beginning and end of the data using the PHP trim() function, strips any quotes escaped with slashes and passes it through htmlspecialchars().
Required field will check whether the field is filled or not in the proper way.
Most of cases we will use the * symbol for required field.