Section 4.3.1
Top Level / Sub Level: General
Wherever possible, the validation mechanism should verify that the input matches a tightly defined specification (whitelist) of valid input and reject all input that does not match this specification. Only where this is not possible should a "blacklist" or "filtering" approach be used for validation.
PHP
Example:
$clean = array();
$errors = array();
$acceptableStarTreks = array("tos", "animated", "tng", "dsn",
                             "voyager", "enterprise");
// Whitelist check: the value must be exactly one of the listed strings.
// isset() guards against a missing parameter (undefined index notice), and
// the third argument makes in_array() use strict (===) comparison so that
// PHP's loose type juggling cannot widen the set of accepted values.
if (isset($_GET['starTrek']) && in_array($_GET['starTrek'], $acceptableStarTreks, true)) {
    $clean['starTrek'] = $_GET['starTrek'];
} else {
    $errors['starTrek'] = "Invalid Entry";
}
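As an added example that is not part of the original guideline, the same $clean / $errors whitelist approach extended to several fields at once, using both an enumerated list and anchored regular expressions as the "tightly defined specification"; the field names, patterns and sample request below are assumptions.

```php
<?php
// Added example (not the guideline's own code): a reusable whitelist
// validator. Each field is checked against either a fixed list of
// acceptable values or an anchored regular expression; anything else,
// including a missing or array-typed parameter, goes into $errors.
// Field names, patterns and the sample request are assumptions.

function validateWhitelist($input, $specs)
{
    $clean  = array();
    $errors = array();

    foreach ($specs as $field => $spec) {
        // A request can send ?field[]=x, which makes $input[$field] an
        // array; preg_match() and in_array() must only ever see a string.
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[$field] = "Missing or malformed entry";
            continue;
        }
        $value = $input[$field];

        if (is_array($spec)) {
            // Enumerated whitelist; strict comparison avoids type juggling.
            $ok = in_array($value, $spec, true);
        } else {
            // Pattern whitelist. The pattern is anchored with ^ and \z
            // (not $, which would still match before a trailing newline),
            // so the whole value must match, not just a valid prefix.
            $ok = preg_match($spec, $value) === 1;
        }

        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = "Invalid Entry";
        }
    }
    return array($clean, $errors);
}

// Constructed sample request standing in for $_GET.
$request = array(
    'starTrek' => 'tng',
    'season'   => '7',
    'airDate'  => '1994-05-23',
    'episode'  => array('1'),   // array instead of string: rejected
);
$specs = array(
    'starTrek' => array("tos", "animated", "tng", "dsn", "voyager", "enterprise"),
    'season'   => '/^[1-9][0-9]?\z/',              // 1 to 99
    'airDate'  => '/^[0-9]{4}-[0-9]{2}-[0-9]{2}\z/', // YYYY-MM-DD shape only
    'episode'  => '/^[1-9][0-9]?\z/',
);
list($clean, $errors) = validateWhitelist($request, $specs);
```

The date pattern only constrains the shape of the value; whether the date actually exists is a separate business-rule check performed on $clean, never on raw input.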