I’m going to use PHP in my example, but my question applies to any programming language.

Whenever I deal with forms that can be filled out by users who are not logged in (in other words, untrusted users), I do several things to make sure it is safe to store in the database:

• Verify that all of the expected fields are present in $_POST (none were removed using a tool such as Firebug)
• Verify that there are no unexpected fields in $_POST. This way, a field in the database doesn’t accidentally get written over.
• Verify that all of the expected fields are of the expected type (almost always “string”). This way, problems don’t come up if a malicious user is tinkering with the code and adds “[]” to the end of a field name, thus making PHP consider the field to be an array and then performing checks on it as though it were a string.
• Verify that all of the required fields were filled out.
• Verify that all of the fields (both required and optional) were filled out correctly (for example, email addresses and phone numbers are in the expected format).
• Related to the previous item, but worthy of being its own item: verify that fields that are dropdown menus were submitted with values that are actually in the dropdown menu. Again, a user could tinker with the code and change the dropdown menu to be anything they want.
• Sanitize all fields just in case the user intentionally or unintentionally included malicious code.

I don’t believe that any of the above things are overkill because, as I mentioned, the user filling out the form is not trusted.

When it comes to admin backends, however, I’m not sure all of those things are necessary. These are the things that I still consider to be necessary:

• Verify that all of the required fields were filled out.
• Verify that all of the fields (both required and optional) were filled out correctly (for example, email addresses and phone numbers are in the expected format).
• Sanitize all fields just in case the user intentionally or unintentionally included malicious code.

I’m considering dropping the remaining items in order to save time and have less code (and, therefore, more readable code). Is that a reasonable thing to do or is it worthwhile to treat all forms equally regardless of whether or not they are being filled out by a trusted user?

These are the only two reasons I can think of for why it might be wise to treat all forms equally:

• The trusted user’s credentials might be found out by an untrusted user.
• The trusted user’s machine could be infected with malware that messes with forms. I have never heard of such malware and doubt that this is something to be really be worried about, but it is something to consider anyway.

Thanks!