🔴 Advanced · Lesson 27
Form Validation
Why Validate and Sanitize?
Validation checks if input is correct (e.g. a valid email). Sanitization cleans input to remove dangerous characters. Both protect your site.
Example
$email = trim($_POST["email"] ?? ""); // a missing field becomes an empty string
$email = filter_var($email, FILTER_SANITIZE_EMAIL); // sanitize
if (filter_var($email, FILTER_VALIDATE_EMAIL)) { // validate
    echo "Valid email";
} else {
    echo "Invalid email";
}
Common Checks
- empty() — required field check.
- filter_var(..., FILTER_VALIDATE_EMAIL) — email.
- htmlspecialchars() — prevent XSS on output.
- trim() — remove extra spaces.
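The checks listed above combined into one handler, as an added example that is not part of the original lesson; the field names `name` and `email`, the helpers `field`, `validate_form` and `e`, and the sample submission are assumptions. It validates the trimmed value directly instead of sanitizing first, because FILTER_SANITIZE_EMAIL deletes disallowed characters and can turn a malformed address into a different one that passes validation.

```php
<?php
declare(strict_types=1);

// Read one form field as a trimmed string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Returns [clean values, errors]. Field names are assumptions for this example.
function validate_form(array $post): array
{
    $errors = [];
    $name   = field($post, 'name');
    $email  = field($post, 'email');

    // Required check. empty() also treats the string "0" as empty,
    // so compare against '' when "0" could be a legitimate value.
    if ($name === '') {
        $errors['name'] = 'Name is required';
    }

    // Validate the value as submitted (after trim only).
    if ($email === '') {
        $errors['email'] = 'Email is required';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email';
    }

    return [['name' => $name, 'email' => $email], $errors];
}

// Escape at output time for an HTML context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission (not real data).
$sample = ['name' => ' <b>Asha</b> ', 'email' => 'asha (home)@example.com'];
[$clean, $errors] = validate_form($sample);

echo 'Name: ' . e($clean['name']) . PHP_EOL;
foreach ($errors as $fieldName => $message) {
    echo e($fieldName) . ': ' . e($message) . PHP_EOL;
}
// Sanitizing the same address strips the space and parentheses, changing it.
echo e(filter_var($sample['email'], FILTER_SANITIZE_EMAIL)) . PHP_EOL;
```

The stored value stays unescaped; `e()` is applied only where the value is written into HTML.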
Summary
- Validate = is input correct; Sanitize = clean dangerous characters.
- Use filter_var, trim, htmlspecialchars; never trust raw input.