At the beginning of this chapter, we designed a web form that accepts user input, stores it in the database and presents it to the visitors of the site. Since our application will be open to the public, anyone can register and submit whatever data they want. Therefore, we need to take certain precautions to handle the case in which malicious data is supplied.
The golden rule in web development is "Do not trust user input, ever." You must always validate and sanitize user input before saving it to the database, and before presenting it in HTML pages. In this section, we will discuss how to achieve this, and how to avoid two common vulnerabilities in web applications.
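As an added example (not code from this chapter), here is the rule above applied in Python to a small comment form: the values are checked before they are stored, written to the database with a parameterised query, and escaped at the moment they are placed into HTML. The table, the field rules and the sample comment are constructed for this illustration, and the two pitfalls it guards against (user values spliced into SQL text, and stored text rendered as markup) are this example's assumption about what the chapter goes on to cover.

```python
import html
import re
import sqlite3

# Constructed field rules for the example form: a short display name and a bounded comment.
NAME_RE = re.compile(r"^[A-Za-z0-9 _.'-]{1,40}$")
MAX_COMMENT = 500


def validate(name, comment):
    """Check shape and length of the submitted fields before anything is stored.

    Returns (True, "") on success, or (False, reason) naming the failing field.
    """
    if not NAME_RE.fullmatch(name):
        return False, "name: 1-40 letters, digits, space, underscore, dot, quote or dash"
    if not 1 <= len(comment) <= MAX_COMMENT:
        return False, "comment: 1-%d characters" % MAX_COMMENT
    return True, ""


def open_db():
    """Create an in-memory database with the constructed comments table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    return conn


def save_comment(conn, name, comment):
    """Validate, then store with placeholders so the values never become part of the SQL text."""
    ok, reason = validate(name, comment)
    if not ok:
        raise ValueError(reason)
    conn.execute("INSERT INTO comments (name, body) VALUES (?, ?)", (name, comment))
    conn.commit()


def render_comments(conn):
    """Build the HTML list, escaping every stored value so it is shown as text, not interpreted as markup."""
    rows = conn.execute("SELECT name, body FROM comments ORDER BY id").fetchall()
    items = ["<li><b>%s</b>: %s</li>" % (html.escape(n), html.escape(b)) for n, b in rows]
    return "<ul>" + "".join(items) + "</ul>"


if __name__ == "__main__":
    db = open_db()
    # Constructed submission containing a quote, an ampersand and a tag, all legitimate text.
    save_comment(db, "O'Brien", "I <3 this site & <b>bold</b>")
    print(render_comments(db))
```

The stored body keeps its original characters; only the rendered page carries the escaped form, which is why the check happens on input and the escaping on output rather than once in between.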