I would like to know the ways I could add more security to my forms so that I can prevent attacks. From the past few days of searching the web for a methodology I could adopt, I've found a number of solutions, on which I would like to know your take before proceeding.
- Is it always good to include form keys to prevent XSS (cross-site scripting) and cross-site request forgery?
- Which is the best way to process the form data:
  - AJAX
  - Place the form processing code at the top of the same page and process it using $_SERVER['PHP_SELF']
  - Set the action of the form to another page and process all the values from there.
  - Process the form values through a single PHP class file.
- Which is the best way I could filter or sanitize the form data?
Thank you
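The following is an added example, not code from the original question or any of the answers, showing the three things the question asks about in one PHP form handler: a per-session form key (this is what stops cross-site request forgery; XSS is addressed separately by escaping on output), server-side validation of exactly the fields the form expects, and htmlspecialchars() on everything echoed back. The field names, the /employee/create action and the redirect target are assumptions for the sake of the example.

```php
<?php
// Added example (not from the original post): CSRF form key, server-side
// validation and output escaping for one form. Assumes PHP sessions work.
declare(strict_types=1);

session_start();

// Create (or reuse) a per-session CSRF token. random_bytes() is CSPRNG-backed.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak timing information.
function csrf_valid(mixed $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Read one field as a string; arrays (name[]=x) and missing keys become ''.
function str_field(array $source, string $key): string
{
    $value = $source[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Validate only the fields this form expects; everything else is ignored.
// Returns [cleanValues, errors].
function validate_employee(array $post): array
{
    $errors = [];
    $clean  = [];

    $name = str_field($post, 'name');
    if ($name === '' || mb_strlen($name) > 100) {
        $errors['name'] = 'Name is required (max 100 characters).';
    } else {
        $clean['name'] = $name;
    }

    $email = filter_var(str_field($post, 'email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'A valid e-mail address is required.';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

// Escape for HTML output; output escaping (not input filtering) is what stops XSS.
function e(mixed $value): string
{
    $text = is_scalar($value) ? (string) $value : '';
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing form token.');
    }
    [$clean, $errors] = validate_employee($_POST);
    if (!$errors) {
        // ... hand $clean to the persistence layer (prepared statements) ...
        // Redirect after POST so a browser refresh cannot resubmit the form.
        header('Location: /employees?created=1', true, 303);
        exit;
    }
}
?>
<form method="post" action="/employee/create">
  <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
  <label>Name <input name="name" value="<?= e(str_field($_POST, 'name')) ?>"></label>
  <?php if (isset($errors['name'])): ?><p><?= e($errors['name']) ?></p><?php endif; ?>
  <label>E-mail <input name="email" value="<?= e(str_field($_POST, 'email')) ?>"></label>
  <?php if (isset($errors['email'])): ?><p><?= e($errors['email']) ?></p><?php endif; ?>
  <button type="submit">Create</button>
</form>
```

Whether the handler lives on the same page or in a separate file matters much less than the three checks above being present on every POST; AJAX only changes how the request arrives, and the same token check and validation must run for it too.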
Here is my normal set. I use a custom framework, basically.
I set up models that handle specific data. For example, if I have an employee form that creates new employees, I have an employee model. The model has specified values that it requires in order to generate a new employee in the database. If any values are missing in this model when I try to save it, it will throw an exception. This is my second layer of "input validation". The first layer is a simple JavaScript form validator, to make sure no values are missing.
Now, for any sort of input to the page (GET, POST), I have a class that handles this sanitization. It iterates over all of the $_POST and $_GET values and sanitizes them (mysql_real_escape_string, stripslashes in PHP).
Now, setting up my form data in HTML: PHP can process form data "arrays", and by that I mean if I have a form input named "employee[name]" and I submit that form, PHP will recognize that form submission as $_POST['employee']['name'], pretty amazing I know. Now, each form has its own specified fields that are required by the model. I simply call my model, set the model data to $inputClass->post('employee') (which is an array) and save the data.
I prefer this general method to anything. It's fast and easy to set up, it's secure and it works.
EDIT: Also, things like Ajax and JavaScript are luxuries. You don't NEED these to process forms; they simply add ease for the user. For example, provided they have JavaScript enabled, you can validate the form without reloading the page. But note, you should always validate your forms via PHP as well.
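As an added example (not the answerer's framework or code), here is the layered approach the answer describes in PHP: an input class that reads the employee[...] group from $_POST, a model that lists the fields it requires and throws when one is missing, and a save method. One deliberate change from the answer's description: the model persists through a PDO prepared statement with bound parameters rather than running mysql_real_escape_string over every value, because that function was removed in PHP 7 and bound parameters keep data and SQL separate without an escaping layer. The class names, table and column names, and the redirect target are assumptions.

```php
<?php
// Added example (not the answerer's framework): a model that requires
// specific fields and throws when one is missing, fed from a nested form
// input such as employee[name], and saved with a prepared statement.
declare(strict_types=1);

final class ValidationException extends RuntimeException {}

final class EmployeeModel
{
    // Fields the model needs before it will save; anything else submitted is dropped.
    private const REQUIRED = ['name', 'email', 'department'];

    /** @var array<string,string> */
    private array $data = [];

    public function setData(array $input): void
    {
        foreach (self::REQUIRED as $field) {
            $value = $input[$field] ?? null;
            // Reject arrays (employee[name][]=x) and empty strings alike.
            if (!is_string($value) || trim($value) === '') {
                throw new ValidationException("Missing required field: $field");
            }
            $this->data[$field] = trim($value);
        }
        if (filter_var($this->data['email'], FILTER_VALIDATE_EMAIL) === false) {
            throw new ValidationException('Invalid e-mail address');
        }
    }

    // Bound parameters keep data and SQL separate, so no escaping layer is needed.
    public function save(PDO $db): int
    {
        $stmt = $db->prepare(
            'INSERT INTO employees (name, email, department) VALUES (:name, :email, :department)'
        );
        $stmt->execute([
            ':name'       => $this->data['name'],
            ':email'      => $this->data['email'],
            ':department' => $this->data['department'],
        ]);
        return (int) $db->lastInsertId();
    }
}

// Reads one named group (employee[...]) from $_POST, as the answer describes.
final class Input
{
    public static function post(string $group): array
    {
        $value = $_POST[$group] ?? [];
        return is_array($value) ? $value : [];
    }
}

// Wiring; $db is assumed to be an existing PDO connection with ERRMODE_EXCEPTION.
function handle_create_employee(PDO $db): void
{
    $model = new EmployeeModel();
    try {
        $model->setData(Input::post('employee'));   // <input name="employee[name]"> etc.
        $id = $model->save($db);
        header('Location: /employees/' . $id, true, 303);
    } catch (ValidationException $e) {
        http_response_code(422);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The JavaScript validator the answer mentions can sit in front of this for user convenience, but it is the model's required-field check that actually enforces the rule, since a request can be sent without the browser's script ever running.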