Some common web form validations are checking if a field is empty or full, checking the length of a field to make sure it meets standards, verifying emails are correctly entered and verifying passwords match.

To check if a field is empty and output an error, try:

```php
if (empty($_POST['user'])) {
    // Error message and/or output
}
```

To check if a field is not empty and continue with execution, try:

```php
if (!empty($_POST['user'])) {
    // SQL or other code here to handle the $_POST superglobal
}
```

To verify that 2 passwords match, try:

```php
// Strict !== is used: with loose !=, two different hashes of the form "0e<digits>" compare as equal numbers.
if (md5($_POST['password']) !== md5($_POST['password_confirm'])) {
    // Error message and/or output
}
```

These are just the basic validations, and you will need to use preg_match to verify emails and URLs.

Some of the must-have security validations for web shops are:

- Username
- Password
- Emails
- URLs
- Price
- Date of birth
It's almost complete, but you can't forget CAPTCHA to ensure that the one who fills in the form is a human.
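
The field checks listed in the first post, written out as an added example that is not part of the original thread. It uses PHP's built-in filter_var() for emails and URLs in place of a hand-written preg_match pattern; the function name validate_shop_form(), the email/url/price/dob field names and the length limits are assumptions.

```php
<?php
// Added example. validate_shop_form(), the field names other than
// user/password/password_confirm, and the length limits are hypothetical.
function validate_shop_form(array $in): array
{
    // Treat missing or non-string input (e.g. user[]=x) as an empty string.
    $s = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';
    $errors = [];

    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $s('user'))) {
        $errors['user'] = 'Username must be 3-20 letters, digits or underscores.';
    }
    // Compare the raw strings with ===; hashing adds nothing to an equality check.
    if (strlen($s('password')) < 8) { // 8 is an assumed minimum length
        $errors['password'] = 'Password must be at least 8 characters.';
    } elseif ($s('password') !== $s('password_confirm')) {
        $errors['password_confirm'] = 'Passwords do not match.';
    }
    if (filter_var($s('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    // FILTER_VALIDATE_URL accepts schemes other than http(s), so check the scheme too.
    $scheme = strtolower((string) parse_url($s('url'), PHP_URL_SCHEME));
    if (filter_var($s('url'), FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        $errors['url'] = 'URL must be a valid http or https address.';
    }
    // Price: digits with an optional two-digit fraction, no sign or exponent.
    if (!preg_match('/\A\d{1,7}(\.\d{2})?\z/', $s('price'))) {
        $errors['price'] = 'Price must look like 19.99.';
    }
    // Date of birth: a real calendar date (rejects 1990-02-30) that lies in the past.
    $dob = DateTime::createFromFormat('!Y-m-d', $s('dob'));
    if (!$dob || $dob->format('Y-m-d') !== $s('dob') || $dob >= new DateTime('today')) {
        $errors['dob'] = 'Date of birth must be a past date in YYYY-MM-DD form.';
    }
    return $errors;
}

// Constructed sample input standing in for $_POST.
$sample = [
    'user' => 'alice_01', 'password' => 'correct horse', 'password_confirm' => 'correct horse',
    'email' => 'alice@example.com', 'url' => 'ftp://example.com/file',
    'price' => '19.999', 'dob' => '1990-02-30',
];
print_r(validate_shop_form($sample));
```

An empty array from validate_shop_form() means every field passed; otherwise the keys name the fields to flag back to the user.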