ABSTRACT

HTML forms are one of the primary ways a client sends data to a server application. A foundational rule of security is that input arriving through HTML form fields cannot be trusted, because the server has no control over who or what submitted it: the request may come from a browser, but it may equally come from a script that never rendered the form at all. Proper handling of the data that arrives through form fields is therefore central to the security of the server. The emphasis is on proper handling, and what counts as proper depends on how the input will be used; a value encoded for safe display in an HTML page is not thereby safe to place in a SQL statement or a file path, and vice versa. There is no single method that makes data safe in all cases. This chapter covers a range of techniques for handling form fields properly according to their use.
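The abstract's central claim, that the right handling depends on where the value ends up, is easiest to see with one submitted value treated three ways. The following is an added example, not code from the chapter: the form field names, the sample submissions and the `comments` table are constructed for illustration. A field with a known shape (`username`) is checked against an allow-list pattern, a free-text field (`comment`) is stored unchanged through a bound SQL parameter, and the same text is HTML-escaped only at the moment it is rendered. The naive quote-doubling helper is included purely to show that an escape suitable for one context does nothing for another.

```python
"""Context-specific handling of untrusted HTML form input.

Added example, not from the chapter. The field names, the sample
submissions and the table schema below are constructed for illustration.
"""
import html
import re
import sqlite3
from typing import Optional

# Constructed sample submissions; a real server would read these from the
# parsed request body. Each dict stands for one POSTed form.
SAMPLE_SUBMISSIONS = [
    {"username": "alice", "comment": "Hello"},
    {"username": "mallory", "comment": "<script>alert(1)</script>"},
    {"username": "bob' OR '1'='1", "comment": "x"},
    {"username": "dave", "comment": "Rob's \"quote\" -- ' OR 1=1"},
]

# The username field has a known, narrow shape, so it gets allow-list validation.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(value: str) -> Optional[str]:
    """Return the value if it matches the allow-list pattern, otherwise None."""
    return value if USERNAME_RE.fullmatch(value) else None


def render_comment(comment: str) -> str:
    """HTML context: escape at output time so the text is displayed, not parsed as markup."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


def store_comment(conn: sqlite3.Connection, username: str, comment: str) -> None:
    """SQL context: parameter binding keeps the data out of the query grammar entirely.

    The comment is stored as the user typed it; escaping for HTML here would
    corrupt the stored data and still leave every other output context unprotected.
    """
    conn.execute(
        "INSERT INTO comments (username, comment) VALUES (?, ?)",
        (username, comment),
    )


def sql_quote_doubling(value: str) -> str:
    """Naive SQL-string escaping by doubling single quotes.

    Shown only to make the point that an escape aimed at one context does nothing
    for another: the result is no safer to place in an HTML page than the input.
    Use parameter binding for SQL instead.
    """
    return value.replace("'", "''")


def new_db() -> sqlite3.Connection:
    """In-memory database with the constructed comments table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (username TEXT, comment TEXT)")
    return conn


def process_submission(conn: sqlite3.Connection, form: dict) -> dict:
    """Handle one form: validate the structured field, store raw, encode for display."""
    username = validate_username(form.get("username", ""))
    if username is None:
        return {"accepted": False, "reason": "invalid username"}
    comment = form.get("comment", "")
    store_comment(conn, username, comment)
    return {"accepted": True, "html": render_comment(comment)}


def run_demo():
    """Process the constructed submissions; return (per-form results, stored rows)."""
    conn = new_db()
    results = [process_submission(conn, form) for form in SAMPLE_SUBMISSIONS]
    stored = conn.execute(
        "SELECT username, comment FROM comments ORDER BY rowid"
    ).fetchall()
    return results, stored


if __name__ == "__main__":
    for result in run_demo()[0]:
        print(result)
```

Running the demo shows the three outcomes side by side: the structurally invalid username is rejected before it reaches storage, the comments containing markup and quote characters are stored verbatim because parameter binding made them inert for SQL, and the rendered HTML carries them only as escaped text.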