Section 4.3.1
General
Wherever possible, the validation mechanism should verify that the input matches a tightly defined specification (whitelist) of valid input and reject all input that does not match this specification. Only where this is not possible should a "blacklist" or "filtering" approach be used for validation.
PHP

Example:

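$clean = array();
$errors = array();
// Whitelist of accepted values
$acceptableStarTreks = array("tos","animated","tng","dsn",
                    "voyager","enterprise");
// Accept the parameter only if it is present and strictly equal
// to one of the whitelisted strings
if(isset($_GET['starTrek']) &&
   in_array($_GET['starTrek'], $acceptableStarTreks, true)) {
    $clean['starTrek'] = $_GET['starTrek'];
} else {
    $errors['starTrek'] = "Invalid Entry";
}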
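
The example below is added here and is not part of the original guideline. It goes beyond the enumerated list above and applies the same whitelist approach to input that cannot be enumerated (an integer range and an anchored pattern), keeping the $clean / $errors convention. The function validateInput, the fields season and stardate, and the sample request are constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: whitelist validation driven by a per-field specification.
// validateInput(), the 'season' and 'stardate' fields and the sample
// request are hypothetical; only 'starTrek' comes from the original page.
function validateInput(array $input, array $spec): array
{
    $clean = [];
    $errors = [];
    foreach ($spec as $field => $rule) {
        $value = $input[$field] ?? null;
        $ok = false; // reject by default, including unknown rule types
        // Request parameters can arrive as arrays (?starTrek[]=tos),
        // so only plain strings are considered at all.
        if (is_string($value)) {
            if ($rule['type'] === 'enum') {
                $ok = in_array($value, $rule['values'], true);
            } elseif ($rule['type'] === 'int') {
                $int = filter_var($value, FILTER_VALIDATE_INT, ['options' =>
                    ['min_range' => $rule['min'], 'max_range' => $rule['max']]]);
                $ok = ($int !== false);
                if ($ok) {
                    $value = $int; // keep the normalized integer
                }
            } elseif ($rule['type'] === 'pattern') {
                // \A and \z anchor the whole string; a bare $ would
                // still match before a trailing newline.
                $ok = (preg_match($rule['regex'], $value) === 1);
            }
        }
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = "Invalid Entry";
        }
    }
    return [$clean, $errors]; // fields absent from $spec are never copied
}

$spec = [
    'starTrek' => ['type' => 'enum', 'values' =>
        ["tos", "animated", "tng", "dsn", "voyager", "enterprise"]],
    'season'   => ['type' => 'int', 'min' => 1, 'max' => 7],
    'stardate' => ['type' => 'pattern', 'regex' => '/\A[0-9]{4,5}\.[0-9]\z/'],
];
// Constructed request: season lies outside 1..7, stardate carries a
// trailing newline, and 'extra' is not part of the specification.
$request = ['starTrek' => 'tng', 'season' => '9',
            'stardate' => "41153.7\n", 'extra' => 'x'];
[$clean, $errors] = validateInput($request, $spec);
var_dump($clean, $errors);
```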