Texas State Technical School – Episode #294
|Texas State Technical School||80||82||70||(232/300) 77% C
Always, always, always validate your form data before checking it against the actual database. Never trust the user; assume every single person is trying to take advantage of your server. This means using a whitelist instead of a blacklist for content. This means sanitizing all data and casting it to the correct type for the database. It also means, most importantly, turning off all public error reporting on production. If a user (or bot) finds an exploit, errors shown on the screen only give them more insight into their next move.
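An added example (not part of the original page) of the advice above in Python: form fields are checked against a whitelist and cast to the database type before any query runs, and errors are logged server-side while the client sees only a generic message. The field names, patterns, table layout and function names are assumptions made for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("signup")

# Whitelist: each accepted field has a pattern and a target type (constructed values).
FIELDS = {
    "username": (re.compile(r"[A-Za-z0-9_]{3,20}"), str),
    "age":      (re.compile(r"[0-9]{1,3}"), int),
    "campus":   (re.compile(r"main|north|south"), str),
}

def validate(form):
    """Return typed values, or raise ValueError naming the rejected field."""
    unknown = set(form) - set(FIELDS)
    if unknown:
        raise ValueError("unexpected field(s): %s" % sorted(unknown))
    clean = {}
    for name, (pattern, cast) in FIELDS.items():
        raw = form.get(name)
        # Missing, non-string, or non-matching input is rejected, never repaired.
        if not isinstance(raw, str) or not pattern.fullmatch(raw):
            raise ValueError("field %r failed validation" % name)
        clean[name] = cast(raw)
    return clean

def handle_signup(db, form):
    """Return (status, body) for the client; details go to the server log only."""
    try:
        row = validate(form)
    except ValueError as exc:
        log.warning("rejected form: %s", exc)
        return 400, "Invalid input."
    try:
        # Validated values are still bound as parameters, not concatenated.
        db.execute("INSERT INTO users (username, age, campus) VALUES (?, ?, ?)",
                   (row["username"], row["age"], row["campus"]))
    except sqlite3.Error:
        log.exception("database error during signup")  # traceback stays server-side
        return 500, "Something went wrong."
    return 200, "OK"

def make_db():
    """In-memory database with a hypothetical users table, for running the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT UNIQUE, age INTEGER, campus TEXT)")
    return db
```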