if ( isset( $_POST['name'] ) ) $name = strip_tags( trim( $_POST['name'] ) );

Here we check that the name is there with the isset() function. This checks that the variable exists and also verifies that it is not NULL.

Now that we know what data we’re accepting, and we know what it’s allowed to be, let’s check the type of data that’s coming in. Most data that comes in from a POST is considered a string.

PHP security means securing your PHP site to help prevent the bad guys from gaining unauthorized access to your site’s data. It helps you keep your data’s integrity and ensures availability as needed.
And that pretty much sums up why you should secure everything.
And if you’re accepting any data coming in, then you’re vulnerable because you’re allowing people to do whatever they want.
Imagine that you’ve got a user form that accepts adding comments on a page.
We know that $_POST['email'] is an email address, so we want to check the format to make sure it’s a valid email address.
In this example, we’ll say that we don’t want to allow comments over 256 characters.
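The checks described above (presence, type, email format and the 256-character limit) combined into one validator for the comment form. This is an added example, not code from the original article; the function name validate_comment_form(), the 'comment' field name and the rejection of empty values are assumptions.

```php
<?php
// Added example. validate_comment_form() and the 'comment' key are hypothetical names.
function validate_comment_form(array $post): array
{
    $errors = [];
    // Presence and type: isset() is false for a missing key or NULL, and
    // is_string() rejects array input such as name[]=x.
    foreach (['name', 'email', 'comment'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[$field] = 'missing or not a string';
        }
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors, 'data' => []];
    }

    $name = strip_tags(trim($post['name']));
    if ($name === '') {
        $errors['name'] = 'empty after cleaning';
    }

    // Format: filter_var() returns the address, or false if it is not valid.
    $email = filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid email address';
    }

    // Length: count characters when mbstring is available, bytes otherwise.
    // Rejecting an empty comment is an assumption of this example.
    $comment = strip_tags(trim($post['comment']));
    $length  = function_exists('mb_strlen') ? mb_strlen($comment, 'UTF-8') : strlen($comment);
    if ($length === 0 || $length > 256) {
        $errors['comment'] = 'must be 1 to 256 characters';
    }

    $data = $errors ? [] : ['name' => $name, 'email' => $email, 'comment' => $comment];
    return ['ok' => !$errors, 'errors' => $errors, 'data' => $data];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => ' <b>Ann</b> ', 'email' => 'ann@example.com', 'comment' => 'Nice post.'],
    ['name' => ['x'], 'email' => 'ann@example.com', 'comment' => 'array instead of string'],
    ['name' => 'Bob', 'email' => 'bob-at-example', 'comment' => str_repeat('a', 257)],
];
foreach ($samples as $post) {
    $result = validate_comment_form($post);
    echo $result['ok'] ? 'accepted: ' : 'rejected: ', json_encode($result), PHP_EOL;
}
```

In a request handler the call would be validate_comment_form($_POST), and only the returned 'data' values would be used afterwards.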