PHP处理表单输入

Question

looking to find out the best way to handle my form inputs. Firstly, the form is completely validated using Javascript. I presume validation is then done in PHP for users who disable Javascript. At the moment I am getting inputs like so

<?php

$title = $_POST['inputTitle'];
$name = $_POST["inputName"];
$surname = $_POST["inputSurname"];
$email = $_POST["inputEmail"];
$link = $_POST["inputLinks"];

if (isset($title) && isset($name) && isset($surname) && isset($email) && isset($link)) {
    //do something
}

Is it enough to simply do that? Or should I be doing proper validation on the email even though it was done in Javascript?

Also, would it be best to add these inputs to an array? I cant do it via html because I needed to give each input their own unique name.

Thanks

Answer 1

You should still validate the variables, don't rely on the JavaScript. Your PHP code could receive inputs from elsewhere, the user could have JavaScript disabled, or deliberately manipulate the form in their browser to bypass any validation.

Moving the data to an array instead of individual variables depends on what you are intending to do with it.

Answer 2

You should treat Javascript validation as a "bonus" where PHP validation is a must.

Is better that to use empty() instead of isset() on input validation, since will return TRUE even user does not key in any value.

if( !( 
        empty($_POST['inputTitle']) || 
        empty($_POST['inputName']) || 
        empty($_POST['inputSurname']) || 
        empty($_POST['inputEmail']) || 
        empty($_POST['inputLinks']) 
    ) ) {
        // continue validate inputEmail by using regular expression
    }