Here in the Web Development land of Current 360, we create and implement web forms on behalf of our clients. We make sure the forms look neat and professional, but that's just one side of it, and there is a name for that side: front-end development. It's the part of the service that faces the user.
Now, if there is a front end, one might suspect that there is also a corresponding posterior side, and that person would be correct. I'm sure you already figured out what it's called … The back end is for processing the data received from the user in the front end.
Now, when the front end passes the user's data off to the back end, is it safe to assume that the information being passed is harmless? No way, buster! The data that gets passed will most likely be used to figure something out for the user, be stored in a database, or feed any number of other tasks that websites do.
Anyway, I took a long route to get to my point, but here it is: that user-input data has to be sanitized or filtered before it gets worked on, and definitely before it gets put into a database table. If it is not properly sanitized, this data could potentially compromise the security of your site's server and the data housed in your database.
PHP offers built-in filter functions for sanitizing and validating data. Combining those with prepared SQL statements, which keep the query text separate from the values bound into it, can help put your mind at ease that you've done what is needed to protect the integrity of your database.
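Here is an added example of what that combination looks like in practice (this is not code from the original post or from Current 360): the form fields are run through PHP's filter functions, anything that fails validation is rejected, and only the cleaned values reach the database, bound as parameters to a PDO prepared statement. The `contacts` table, the column names, and the connection details are assumptions for the sake of the example.

```php
<?php
// Added example, not from the original post: validate form input with PHP's
// filter functions, then store it with a PDO prepared statement.
// Assumes a table `contacts(name, email, age)`; DSN and credentials are placeholders.

function sanitizeContact(array $input): ?array
{
    // Strip control characters and surrounding whitespace; reject empty or over-long names.
    $name = trim(filter_var($input['name'] ?? '', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW));
    if ($name === '' || mb_strlen($name) > 100) {
        return null;
    }

    // FILTER_VALIDATE_EMAIL returns false for anything that is not a well-formed address.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    // Validate as an integer inside a sane range; false means the value was rejected.
    $age = filter_var(
        $input['age'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]
    );
    if ($age === false) {
        return null;
    }

    return ['name' => $name, 'email' => $email, 'age' => $age];
}

function storeContact(PDO $db, array $contact): void
{
    // The SQL text is fixed. Values travel separately as bound parameters,
    // so a quote or semicolon in the input can never alter the statement.
    $stmt = $db->prepare(
        'INSERT INTO contacts (name, email, age) VALUES (:name, :email, :age)'
    );
    $stmt->bindValue(':name', $contact['name'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $contact['email'], PDO::PARAM_STR);
    $stmt->bindValue(':age', $contact['age'], PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample submission standing in for $_POST.
$submitted = ['name' => "O'Brien", 'email' => 'obrien@example.com', 'age' => '42'];

$contact = sanitizeContact($submitted);
if ($contact === null) {
    http_response_code(400);
    exit('Invalid form submission.');
}

$db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'PLACEHOLDER_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
]);
storeContact($db, $contact);
```

Two points worth noticing: the validation step rejects bad input instead of trying to "clean" it into something acceptable, which is the safer default for fields like email and age, and the apostrophe in "O'Brien" is stored unchanged because parameter binding, not string escaping, is what keeps it out of the SQL.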
Rule of thumb: All data you get from a user is dangerous and will harm your database.