How can PHP be used to validate form data before sending it to a database?

When sending form data to a database, it is important to validate the data to ensure it meets the necessary criteria and prevent any potential security risks, such as SQL injection attacks. PHP can be used to validate form data by checking for required fields, sanitizing input, and ensuring data types match the expected format before sending it to the database.

// Example code to validate form data before sending it to a database

// Check if form fields are not empty
if (!empty($_POST['username']) && !empty($_POST['email'])) {
    // Sanitize input data
    $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);

    // Validate email format
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Data is valid, proceed to database insertion
        // $conn is the database connection object
        $stmt = $conn->prepare("INSERT INTO users (username, email) VALUES (?, ?)");
        $stmt->bind_param("ss", $username, $email);
        $stmt->execute();
        $stmt->close();
        echo "Data inserted successfully!";
    } else {
        echo "Invalid email format!";
    }
} else {
    echo "Please fill in all required fields!";
}