User-Friendly Form Validation with PHP and CSS
Subject:   Minor point
Date:   2004-05-02 12:12:13
From:   trb
You said:

Because you're already doing all the verifying; you might as well do the real processing, as well.

You actually need to do all your processing on the same request cycle as the validation, otherwise it's trivial just to skip the validation altogether.

Remember, I'm free to spit bad data at any page you let me access directly, whether that be via form submission or redirect.

This should, of course, be common knowledge for anyone who's written more than a line or two of code for the web. Still, you never know who might be reading.