Validating form data with PHP
The first thing we want to do is pass all the variables through the PHP htmlspecialchars() function.
After we use the htmlspecialchars() function, if the user tries to submit the following in the text field:
<script>location.href('http://www.hacked.com')</script>
the code will not execute, because it is saved as HTML-escaped text, like this:
&lt;script&gt;location.href('http://www.hacked.com')&lt;/script&gt;
The code can now be displayed safely on a page or in an e-mail message.
When the user submits the form, there are two things we need to do:
1. Remove unnecessary characters (extra spaces, tabs, line breaks) from the user input data (via the PHP trim() function)
2. Remove backslashes (\) from the user input data (via the PHP stripslashes() function)
Next we create a function that performs all of these checks (which is more efficient than writing the same code over and over again).
We name the function test_input().
Now we can pass each $_POST variable through the test_input() function. The script looks like this:
Example
<?php
// Define the variables and set them to empty values
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Run every submitted field through the same clean-up function
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $website = test_input($_POST["website"]);
    $comment = test_input($_POST["comment"]);
    $gender = test_input($_POST["gender"]);
}

function test_input($data) {
    $data = trim($data);              // remove extra spaces, tabs, line breaks
    $data = stripslashes($data);      // remove backslashes
    $data = htmlspecialchars($data);  // convert special characters to HTML entities
    return $data;
}
?>
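The following is an added example, not code from the original page: it runs the test_input() steps described above over constructed sample submissions so the effect of each step is visible. The explicit htmlspecialchars() flags and the sample values are assumptions made for this illustration.

```php
<?php
// Added example (not from the original page): the page's test_input()
// steps with explicit escaping flags, run on constructed inputs.

function test_input(string $data): string
{
    $data = trim($data);          // drop leading/trailing spaces, tabs, line breaks
    $data = stripslashes($data);  // remove backslashes
    // Explicit flags (an assumption of this example, not on the page):
    // ENT_QUOTES escapes both " and ' regardless of the PHP version's default,
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions, for illustration only.
$samples = [
    'script tag'   => "<script>location.href('http://www.hacked.com')</script>",
    'whitespace'   => "  \tJane Doe\r\n",
    'backslashes'  => 'O\\\'Reilly',
    'quotes'       => 'He said "hi" & left',
    'windows path' => 'C:\\temp\\notes.txt',
];

// Print each raw value's cleaned form, one per line.
foreach ($samples as $label => $raw) {
    printf("%-14s %s\n", $label . ':', test_input($raw));
}
```

Note that stripslashes() also removes backslashes that were part of legitimate input, as the 'windows path' sample shows, and that the escaped result is meant for output into HTML text or quoted attribute values.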