Forms and Data Validation

In this chapter, we'll mostly deal with forms. As we most certainly know, HTML forms are one of the most important and delicate aspects of any business application. Nowadays, forms are used to fulfill almost any task involving user-submitted data, such as registering or logging in to a website, issuing a payment, reserving a hotel room, ordering a product, performing and retrieving search results, and more.

If we were asked to define a form from a developer's perspective, we would come up with the following statement: a form is a UI-based interface that allows authorized users to enter data that will be sent to a server for processing. The moment we accept this definition, two additional considerations should come to mind:

  • Each form should provide a data-entry experience good enough to efficiently guide our users through the expected workflow; otherwise, they won't be able to use it properly.
  • Each form, as long as it brings potentially insecure data to the server, can have a major security impact in terms of data integrity, data security, and system security, unless the developer possesses the required know-how to adopt and implement the appropriate countermeasures.

These two phrases provide a good summary of what we'll do in this chapter; we'll do our best to guide our users into submitting the data in the most appropriate way, and we'll also learn how to properly check these input values to prevent, avoid, and/or minimize a wide spectrum of integrity and security threats. It's also important to understand that these two topics are frequently intertwined with each other; hence, we'll often deal with them at the same time.
