Section 4.3.1
Top Level
Sub Level
General
Wherever possible, the validation mechanism should verify that the input matches a tightly defined specification (a whitelist, or allow list) of what valid input looks like, and reject all input that does not match that specification. Only where this is not possible should a "blacklist" (deny list) or "filtering" approach be used: a blacklist can only catch the bad patterns its author already knows about, and is routinely bypassed with alternative encodings or nested tokens, whereas a whitelist fails closed on anything unexpected.
PHP
Example:
$clean = array();
$errors = array();
$acceptableStarTreks = array("tos", "animated", "tng", "dsn", "voyager", "enterprise");
// Accept only a string that exactly matches one of the allowed values.
// isset()/is_string() reject a missing parameter or an array (?starTrek[]=x);
// the third argument to in_array() forces strict (===) comparison.
if (isset($_GET['starTrek']) && is_string($_GET['starTrek'])
    && in_array($_GET['starTrek'], $acceptableStarTreks, true)) {
    $clean['starTrek'] = $_GET['starTrek'];
} else {
    $errors['starTrek'] = "Invalid Entry";
}
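The guideline above is shown with a single enumerated parameter. The following is an added example, not code from the original guide, that generalises the same whitelist approach to several input shapes (an enumeration, an anchored regular expression, and a bounded integer) and places a deny-list filter beside it to show the failure mode the guideline warns about. The function names validateInput() and denyListFilter(), the rule shapes, and the request data are all assumptions made for this example.

```php
<?php
// Added example (not from the original guide): an allow-list validator for
// several input shapes, plus a deny-list filter that shows why the guide
// treats filtering as a last resort.

declare(strict_types=1);

/**
 * Validate raw request parameters against an allow-list specification.
 * Returns [$clean, $errors]; only values that matched their rule end up
 * in $clean, so downstream code never sees unvalidated input.
 *
 * Rule shapes (hypothetical, chosen for this example):
 *   ['enum', [...]]        value must be one of the listed strings (strict)
 *   ['regex', '/^...\z/']  value must fully match the anchored pattern
 *   ['int', min, max]      value must be a decimal integer within the range
 */
function validateInput(array $raw, array $spec): array
{
    $clean  = [];
    $errors = [];

    foreach ($spec as $name => $rule) {
        // Missing keys and non-string values (e.g. ?name[]=x) are rejected
        // up front; PHP query parsing can yield arrays, not just strings.
        if (!isset($raw[$name]) || !is_string($raw[$name])) {
            $errors[$name] = 'Missing or malformed';
            continue;
        }
        $value = $raw[$name];

        switch ($rule[0]) {
            case 'enum':
                // Third argument true forces strict (===) comparison so that
                // loose comparisons such as "0" == "tos" never apply.
                if (in_array($value, $rule[1], true)) {
                    $clean[$name] = $value;
                } else {
                    $errors[$name] = 'Invalid Entry';
                }
                break;

            case 'regex':
                // preg_match returns 1 on match, 0 on no match, false on
                // error; only an explicit 1 is accepted. Patterns use \z
                // rather than $ so a trailing newline cannot slip through.
                if (preg_match($rule[1], $value) === 1) {
                    $clean[$name] = $value;
                } else {
                    $errors[$name] = 'Invalid Entry';
                }
                break;

            case 'int':
                // Require a plain decimal integer; intval()/is_numeric()
                // would also tolerate whitespace, hex and exponent forms.
                if (preg_match('/^-?[0-9]{1,10}\z/', $value) === 1
                    && (int)$value >= $rule[1] && (int)$value <= $rule[2]) {
                    $clean[$name] = (int)$value;
                } else {
                    $errors[$name] = 'Invalid Entry';
                }
                break;

            default:
                $errors[$name] = 'Unknown rule';
        }
    }
    return [$clean, $errors];
}

/**
 * A deny-list "filter" of the kind the guide allows only when a whitelist
 * is impossible: it strips a few known-bad substrings and passes the rest.
 */
function denyListFilter(string $value): string
{
    return str_ireplace(['<script', 'javascript:'], '', $value);
}

// Constructed request data standing in for $_GET (not real traffic).
$request = [
    'starTrek' => 'tng',
    'username' => 'picard_1701',
    'page'     => '3',
    'comment'  => '<scr<scriptipt>alert(1)</script>',
];

$spec = [
    'starTrek' => ['enum', ['tos', 'animated', 'tng', 'dsn', 'voyager', 'enterprise']],
    'username' => ['regex', '/^[a-z0-9_]{3,16}\z/'],
    'page'     => ['int', 1, 1000],
];

[$clean, $errors] = validateInput($request, $spec);
var_dump($clean);
var_dump($errors);

// One replacement pass removes the inner "<script" token and thereby
// reassembles the outer one, so the banned tag survives the filter.
echo denyListFilter($request['comment']), "\n";
```

Run with the PHP CLI: the three whitelisted parameters land in $clean with $errors empty, while the deny-list call prints a complete script tag reconstructed from the nested input. The point is not that this particular filter is careless but that any deny list is a guess at the attacker's vocabulary; the whitelist rules above never had to anticipate the nesting trick because they only ever admit the exact shapes the application expects.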