Validating form php
It’s also worth bearing in mind that PHP is not above some bizarre arguably unsafe behaviours.
In suggesting that users are untrusted, we imply that everything else is trusted. Users are just the most obvious untrusted source of input since they are known strangers over which we have no control.
Beyond the perimeter is everything considered potential enemy territory which is...literally everything other than the literal code executed by the current request.
All possible entrances and exits on the perimeter are guarded day and night by trigger happy sentries who prefer to shoot first and never ask questions.
While often perceived as duplication of first-entry validation, additional rounds of input validation are more aware of the current context where validation requirements may differ drastically from the initial round.
For example, input into a form might include a percentage integer.