Why is Form Validation Needed?

Form validation is required to prevent web form abuse by malicious users. Improper validation of form data is one of the main causes of security vulnerabilities. It exposes your website to attacks such as header injections, cross-site scripting, and SQL injections.
  • header injection attacks can be used to send email spam from your web server
  • cross-site scripting may allow an attacker to post any data to your site
  • SQL injection may corrupt your database backend

Form data validation is not trivial, because it depends on the context where individual data items are used, and on content encoding.

FormSmarts Built-In Form Validation

Validation of form data is based on the data type you specify for each field when creating a form. For each data type, only a specific set of characters are allowed, and precise validation rules apply.

During form submission, the user will be invited to modify any input fields found to contain invalid data.

It is important that form owners choose the correct data type for each field. Selecting an incorrect data type will not pose a security risk, but it may prevent form users from entering legitimate data.

Visit the form builder help for guidance on selecting the correct data type for each form input field. Note that in many cases, the form creator will pre-select a data type based on the field name you entered.

In addition to form validation, FormSmarts provides extensive form spam protection.