Re: PHP form validation example. Secure or not secure?

[rolf]

Sometimes it’s best to check for each flaw seperately like you’re doing now so you can provide very specific feedback to the user what is wrong. If you want it short you can for example combine the length check into 1 line. I guess it’s really up to you and how much time you have ;)

Regarding spam I have used slightly altered field names in the past and it works best without asking too much from the user (captcha stuff). Renaming something like email to female stops 99% of the spam. it just looks stupid in the code but if you have some generic function the processes all form posts it doesn’t matter (the php process function can rename the “rewritten” fields back to original names etc.)