Posted: Tue Dec 11, 2007 1:13 am
newbie2php, you made a good point about the issue of filtering versus validating. It's good to realize the differences and when to apply which.
Hockey suggested to filter the data (stripping unwanted characters immediately), but as you said, that can be confusing or lead to problems when a user doesn't expect that to happen. In other words, he enters his password "bert*%$", you strip the *%$ and as a consequence his pass is suddenly "bert". I would only apply filtering to certain stuff, like the spaces or brackets in a telephone number for example.
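The distinction drawn in the post above, as an added example that is not part of the original post: a phone number is filtered (formatting characters dropped) and then validated, while a password is only validated and never altered. PHP is assumed from the forum context; the function names, the 7 to 15 digit rule and the 8-character minimum are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Filtering: silently drop formatting characters a user may type in a
// phone number (spaces, brackets, dashes, dots), then validate what is left.
function normalize_phone(string $input): ?string
{
    $stripped = preg_replace('/[\s()\[\].\-]/', '', $input);
    // Assumed rule for this example: optional leading +, then 7 to 15 digits.
    if ($stripped === null || preg_match('/^\+?[0-9]{7,15}$/D', $stripped) !== 1) {
        return null; // still not a phone number after filtering: reject
    }
    return $stripped;
}

// Validating: never alter the password. Accept it exactly as typed or
// reject it with a message, so "bert*%$" can never be stored as "bert".
function validate_password(string $input): array
{
    $errors = [];
    if (strlen($input) < 8) { // assumed minimum length
        $errors[] = 'Password must be at least 8 characters.';
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $input) === 1) {
        $errors[] = 'Password must not contain control characters.';
    }
    return $errors; // empty array: the value is accepted unchanged
}

// Constructed sample input.
var_dump(normalize_phone('(020) 555 01 23')); // formatted phone number
var_dump(normalize_phone('call me'));         // not a phone number at all
var_dump(validate_password('bert*%$'));       // the password from the post
var_dump(validate_password('bert*%$-2007'));  // longer, same special characters
```

Because the password is never modified, the string that reaches the hashing step (for example `password_hash()`) is exactly what the user typed.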