The process of filtering data can encompass any or all of the following:
- Removing unwanted characters (that is, removing <script> tags)
- Performing transformations on the data (that is, converting a quote to &quot;)
- Encrypting or decrypting the data
Encryption is covered in the last recipe of this chapter. Otherwise, we will present a basic mechanism that can be used to filter $_POST data arriving following form submission.
First of all, you need to have an awareness of the data that will be present in $_POST. Also, perhaps more importantly, you will need to be aware of the restrictions imposed by the database table in which the form data will presumably be stored. As an example, have a look at the database structure for the prospects table:

COLUMN      TYPE          NULL  DEFAULT
first_name  varchar(128)  No    None     NULL
last_name   varchar(128)  No    None     NULL
address     varchar(256)  Yes   None     NULL
...
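
One way to tie the filtering steps listed above to the prospects column limits, as an added example that is not code from the original recipe. The function name filterPost, the filter chain and the sample input are hypothetical, and the mbstring extension is assumed to be loaded.

```php
<?php
// Limits copied from the prospects table on this page.
$columns = [
    'first_name' => ['max' => 128, 'nullable' => false],
    'last_name'  => ['max' => 128, 'nullable' => false],
    'address'    => ['max' => 256, 'nullable' => true],
];
// Hypothetical filter chain, applied in order: strip tags, trim, encode quotes.
$filters = [
    'strip_tags',
    'trim',
    function (string $v): string { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); },
];

function filterPost(array $post, array $columns, array $filters): array
{
    $clean = $errors = [];
    foreach ($columns as $name => $rule) {   // whitelist: unknown keys are never read
        $value = $post[$name] ?? '';
        if (!is_string($value)) {            // e.g. first_name[]=x arrives as an array
            $errors[$name] = 'not a string';
            continue;
        }
        foreach ($filters as $filter) {
            $value = $filter($value);
        }
        if ($value === '') {
            if ($rule['nullable']) { $clean[$name] = null; }
            else { $errors[$name] = 'required'; }
        } elseif (mb_strlen($value, 'UTF-8') > $rule['max']) {
            // Checked after filtering, because entity encoding lengthens the value.
            $errors[$name] = 'too long';
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST.
$post = [
    'first_name' => ' <script>alert(1)</script>Ann ',
    'last_name'  => 'O"Neil',
    'address'    => '',
    'is_admin'   => '1',   // not a prospects column, so it is dropped
];
list($clean, $errors) = filterPost($post, $columns, $filters);
var_dump($clean, $errors);
```

Note that strip_tags removes only the tags themselves, so text that sat between them stays in the value. An over-long value is reported rather than truncated, since cutting after encoding could split an entity such as &quot; in half.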