Now we're going to talk about in-server data validation, that moment where you are receiving the data, okay? And so we talked about HTML5, and that HTML5, when you're typing something in that's not a URL, that's actually just an interaction between the user on that browser and document object model. But then when the data finally comes in, we have to protect ourselves. So the POST data comes in and we're sitting here at the beginning of this, the POST data is sitting there and now we have to ask ourselves, is the data good? Is it dated right? Is it dangerous?

We talked about HTML entities and that's when you're echoing it back out, you want to make sure that you put &lt;. We just sort of talked about it going out. Now we're talking about inside the server, high up in your script, deciding whether the data looks good or not before you're going to do it, because ultimately we're going to store it in a database. And so we might want to go back and send the message back and say, that wasn't very good, I don't like what you did there, please send it in. The email is required or the URL is required or you need at least five characters for your password, or who knows what it is. But it's a set of questions that basically you are going to ask before you trust the data, and then maybe go back and complain to the user.

So, this is code that you write at the top of your program. And there's a couple of different functions that we tend to use. Things like we might want to ensure our variable came in on the POST data is non-empty. Is there one or more characters in there? is_numeric looks at the actual characters themselves and says, is this a number? So Fred is not a number because part of it is PHP converts things so easily. So Fred converts to a 0, so you can't check to see if it's a number by just checking it. Because if it's equal to 0, Fred is equal to 0. He said, hey, give me a true false as to whether this is numeric.

You can do something like strpos, you can do a simple email thing, where you say, if there is an at sign somewhere in it. So if you don't have an at sign, this will be false, and if you do have an at sign, it will be true. And there's other more complex ways to do this. This is a function that's built in called filter_var, which is specifically designed to check things. And so you can go look at the documentation for filter_var and see a whole series of more sophisticated emails. More sophisticated filters that can give you true or falses as to whether or not your data looks good.

And so if we take this guessing game, and the whole idea of this guessing game is you just put your guess on the end of it. And we want to actually defend against really bad guesses, right? And so, here's an example of this, right? So we're taking a look at this bit of data that's coming in. Here's our code, we can check to see, is there a parameter at all? And if there's no parameter we can say, you don't have a parameter. And then I'm going to have a series of else if's and I kind of have constructed this in a way that I am checking the most obvious and broadest thing. First, I want to check if it's there. Once I know it's there, I can say is it less than 1? So they might just say guess equals with absolutely nothing. If the length of that is less than 1, I'm just going to say your guess is too short. If it's not numeric, I'm going to say your guess is not a number.

Now, I know that it's a number, and I know that it's not empty. And now I'm doing that actual sort of game logic of saying if it's less than 42, now implicitly there's a number conversion going on because this is a string and that's a number. But it just works. It converts it to a number and then checks and then I can see if it's above 42. Otherwise, it says you are right if you say guess equals 42. So these are just examples of the kinds of things that you can ask about a parameter. Is it there? How long is it? Is it a number? Etc.

So the next thing I want to talk about is the basic idea of how you structure your applications in the file. About handling input data and producing the next output, updating the database, etc. A concept called model view controller.
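The guessing-game checks described earlier in this lecture, written out as an added example (not the lecture's own slide code). The function names, message strings and sample inputs are assumptions made for illustration; the example also goes one step past the lecture by using filter_var to reject values that is_numeric accepts but that are not whole numbers.

```php
<?php
// Added example: server-side checks for the guessing game, broadest check first.
// validate_guess(), looks_like_email() and all inputs are constructed here.
function validate_guess(array $params): string
{
    if (!isset($params['guess'])) {
        return 'Missing guess parameter';
    }
    $raw = $params['guess'];
    if (!is_string($raw)) {              // guess[]=1 arrives as an array
        return 'Your guess is not a number';
    }
    if (strlen($raw) < 1) {
        return 'Your guess is too short';
    }
    if (!is_numeric($raw)) {
        return 'Your guess is not a number';
    }
    // is_numeric() also accepts "4.2e1" and "42.0"; FILTER_VALIDATE_INT
    // returns false for those and an int for a plain integer string.
    $guess = filter_var($raw, FILTER_VALIDATE_INT);
    if ($guess === false) {
        return 'Your guess is not a whole number';
    }
    if ($guess < 42) {
        return 'Your guess is too low';
    }
    if ($guess > 42) {
        return 'Your guess is too high';
    }
    return 'Congratulations - You are right';
}

function looks_like_email(string $value): array
{
    return [
        'strpos'     => strpos($value, '@') !== false,   // position 0 is still a match
        'filter_var' => filter_var($value, FILTER_VALIDATE_EMAIL) !== false,
    ];
}

// Constructed inputs, standing in for $_GET.
$samples = [[], ['guess' => ''], ['guess' => 'Fred'], ['guess' => '4.2e1'],
            ['guess' => ['1']], ['guess' => '7'], ['guess' => '42']];
foreach ($samples as $params) {
    echo json_encode($params), ' => ', validate_guess($params), PHP_EOL;
}
var_dump((int) 'Fred');                  // int(0): why casting cannot validate
var_dump(looks_like_email('@'), looks_like_email('fred@example.com'));
```

The last line shows the gap between the two email checks: a bare "@" passes the strpos test but fails FILTER_VALIDATE_EMAIL.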