Home >Backend Development >PHP Tutorial >PHP Security Common Sense Verification Data_PHP Tutorial
LearningYour users are probably pretty good, and most of them are probably using the app exactly as expected. But wherever there is an opportunity for input, there is also a high probability of very bad input. As an application developer, you must prevent your application from accepting incorrect input. Careful consideration of the location and correct value of user input will allow you to build a robust, secure application.
Listed below are general validation tips for various types of validation data:
Use values from a whitelist
Always revalidate limited options
Use built-in escaping functions
Verify correct data type (e.g. number)
White-listed value is the correct value, as opposed to invalid black-listed value. The difference between the two is that typically when validating data, the list or range of possible values is smaller than the list or range of invalid values, many of which may be unknown or unexpected values.
When validating data to keep PHP secure, remember that it is often easier to design and validate the values your application allows than to protect against all unknown values. For example, to limit a field value to all numbers, you need to write a routine that ensures that the input is all numbers. Do not write routines that search for non-numeric values and mark them as invalid when they are found.