Input Validation: Using filter_var() Over Regular Expressions ~ Mattias Geniar: "Just about the biggest time-sink on any project, is the amount of input validation that needs to be done. You _have_ to assume your visitor is a maniac serial killer, out to destroy your application. And you have to prevent it.
Thus starts our never-ending battle for user input validation. We can’t allow it all (think XSS or SQL Injection), so we check every value presented to us. Correct e-mail formats, IP’s, integers, HTML-code, …."
