Form Validation: the right way

[eluser]jojo777[/eluser]
Hi all.

I'm creating my own login/register model, so i can use it in every project. I took a look at IonAuth and the best way to learn something is get deep inside the code, not only download and use a library, but that's cool anyway.

So now i'm learning somethings i didnt know before but i´ve a question.

Wich is the best way to validate a form?
How many steps?

For example:
1. JavaScript validation
2. PHP validation
3. Scaping characters
4...

Also i would like to know how to avoid csrf. Maybe like Ion Auth generating a random key and value for forms??

How do you treat data if a user inputs in a text field something like <iframe src="www.google.es"></iframe> or trying to break your form?

I think this would be pretty usefull for all kinds of CI programmers.
Thanks.

[eluser]solid9[/eluser]
The CI doc says it all,
http://ellislab.com/codeigniter/user-gui...ation.html

I think you need to learn that first.
And yes IonAuth is very cool.
To make you a good programmer,
You need to learn by digging the codes from another programmer

Thanks to Ben Edmunds I talk to him a lot before. lol

[eluser]jojo777[/eluser]
[quote author="solid9" date="1351090251"]The CI doc says it all,
http://ellislab.com/codeigniter/user-gui...ation.html

I think you need to learn that first.
And yes IonAuth is very cool.
To make you a good programmer,
You need to learn by digging the codes from another programmer

Thanks to Ben Edmunds I talk to him a lot before. lol

[/quote]

Yeah sure, I know the basics but I know that isnt suffcient so I get inside IonAuth code so now I'm adapting my code and adding some cool stuf I'm discovering but before copying I'm trying to understand why he did that...or that... XD thats the best way to learn and improve, not just copying a library and go on.

Well I'll continue studing the code and adapting it to my necesities.

Looks like the way he control csrf is pretty good and easy to understand.