Can someone show me the best way to securely validate form data in PHP?
My main question is not about validating the data itself but how to implement validation securely. In most of the examples I have come across, people tend to assign the form data into a variable and then begin validation. My concern is what if the data has been manipulated to begin with. Would it not be better to validate the data in an if statement before assigning the data to a variable for further use?
For example, say you have a textarea field and someone puts a SQL query into the textarea. When you assign the textarea value to a variable, could the SQL query not then be executed?