When you use the form data in an SQL query, it should be validated against SQL Injection.When you have fields like name or email as mandatory in the form, it should be checked in the server side script as well. Here is the sample output from that script: Note that the “Filling” checkbox group in the HTML form results in an array in the PHP script The rest of the fields appear as simple name-value pairs To validate mandatory fields, we just have to check the presence of the value in the $_POST array.First, the HTML: attribute to turn off the browser's automatic validation; this lets our script take control over validation.However, this doesn't disable support for the constraint validation API nor the application of the CSS pseudo-class or other As you can see, the HTML is almost the same; we just removed the HTML validation features.This lets you use Java Script code to establish a validation failure other than those offered by the standard constraint validation API.
Let's see how to use this API to build custom error messages.
Here is the PHP script that checks the name for empty input and throws an error if the input is empty.
When we display the form back again, it should not loose the form data the user already had filled-in.
(note that the form method is post in the HTML form).
To make it a bit cleaner, we can trim the input to remove any extra space from the beginning and end of the form.