DEV Community

Discussion on: PHP Validating a form using PHP

lawrencejohnson profile image
Lawrence • Edited on

There's nothing to stop you from doing additional validation AFTER you have filtered it. You have made a very unwise choice to allow users to freely submit any form data to your code. Regardless of what you do before sending it to SQL, there are far more security implications you are completely ignoring by assuming you can just deal with that later.

Honestly, your library is fine, it's nice really. All you need to do is filter your inputs before you do all of your validation functionality. Fighting it is only going to bite you later when you have to work for an organization that cares about security.

All of this goes back to my original point that this how-to guide is only a "How to Use My Library" guide. This doesn't teach new developers a very important aspect of allowing users to submit content to your application: security.