What are Data Validation and Data Cleansing? They constitute the major role in Secure PHP Programming to defend your web server against attacks. It's important to recognize that most web server attacks are a result of poor programming that lacks various security measures such as these.

Hackers will try submitting harmful data to your web server, hoping it will reveal or create a security vulnerability they can exploit. There are different types of "bad data" that can be sunmitted. Types of bad data attacks include Code Injection, SQL Injection, and Buffer Overflows, to name a few.

Data Validation and Data Cleansing are two major methods of Secure PHP Programming to defend against attacks using bad data.

» Secure Code Requirements
» What Hackers Look For

Data Validation is the evaluation of data for expected and unexpected formats and content, to differentiate good from bad data. Recognizing harmful and illegal data submmissions is a critical step toward protecting a web server.

Consider a simple email address field to signup for a newsletter. The expectation is an email address. The potential is an injection attack attempt. We must validate the data as a "valid" email address or "invalid." An invalid address may mean an attack, or just an error.

Using Secure PHP Programming techniques for Data Validation, attacks and errors can be distinguished, and handled appropriately. Errors lead to helpful messaging, but attacks lead to Data Cleansing and other responses.

» Data Validation & Cleansing
» Securing eCommerce Databases
» Selecting Good Security Tactics

Data Cleansing is the removal, replacement, or modification of unwanted or harmful data. Simple user errors may result in helpful messaging indicating limited character sets, minimum and maximum limits, and errors dictating additional user instruction. Attacks vary greatly in content and are treated quite differently from user errors.

Consider an SQL Database Query Injection, rather than an email address. Data Cleansing differs from Data Validation by removing, replacing, or modifying the submitted data to prevent any form of execution. Although the attack could be rejected, it may instead be rendered inert, appended to a log, and sent to an admin for review.

Data Cleansing renders attacks inert and defends against illegal data types.

» Benefits of eCommerce Security
» Caveats of Security Vulnerabilties

Data Validation and Data Cleansing are ideally combined in proper Secure PHP Programming. Individually, cleansing and validation are powerful and quite beneficial. When combined, they can provide a layer of security protection that can make the difference between business success and failure.


  • Stop Injection Attacks
  • Prevent Buffer Overflows
  • Protect Servers & Networks
  • Secure Database Information


  • Additional Programming Time
  • Additional Programming Cost

The question is a matter of economic feasability and your business survival.

» Hacking Website Code
» Hacking External Networks