To start with, the script lists the number of steps that you need to take when working with form data. The first step is of course to validate the form data. This includes:

• Checking if the name field is filled in.

• Checking if it is the correct length.

• Checking if it is valid, i.e it contains only letters.

We can do this because we know what type of data we expect our application to be processing. Also we have put in some restrictions on the length that the name should be; in addition, we check to see if the value contains the right type of data. All of this is designed to ensure that any malicious user has a difficult time trying to carry out an attack.

//validate data

//1. Check if the name field is filled in:

//2. Check if it is the correct length

//3.Check if it is valid i.e it contains only letters

The code than checks to see if the form has been submitted:

if(isset($_POST['Submit'])){

Once the form has been submitted, the first checks are carried out. This includes checking to see if the values are empty. This is achieved by using the very useful empty() function:

$err=FALSE;

$error="<ul>";

if(empty($_POST['name'])){

$err=true;

$error .="<li>Please enter a name.</li>";

}

Then we check to see if the length of the name is eight characters long:

if((strlen($_POST['name']))< 8){

$err=true;

$error .="<li>Please enter a valid name.</li>";

}

The last check is to make sure that the value actually contains only letters. We use regular expressions (the eregi() function) to check:

if(!eregi('^[[:alpha:].'-]{2,8}$',$_POST['name'])){

$err=TRUE;

$error="<li>The name should only contain letters.</li>";

}

The age of the user is put through almost the same checks. Since we are dealing with a number, one of the checks includes testing the value to see if it is actually numeric. The is_numeric() function is used for this purpose:

if(empty($_POST['age'])){

$err=true;

$error .="<li>Please enter a age.</li>";

}

if(!is_numeric($_POST['age'])){

$err=true;

$error .="<li>The age that you entered is not a number. Please check and try again</li></ul>";

}