Self validating form php updating raised ranch exterior
data on construction can be considered a good practice.
And by sanity check you can understand a simple action that will analyse passed value and decide whether this value makes sense in context of VO or not. It is your application responsibility to validate the fact that user's email address will not be duplicated, will be from whitelisted domain, refer to valid MX record and so on.
I'm not saying that is 100% safe against CSRF attacks; I know we're not, and a recent topic on our forum made that somewhat painfully clear again: with the redesign of our account pages we separated certain data into several forms, but forgot to add our token-based security measure to each of them.
Adding a special token to an HTML form is a way to prevent these CSRF attacks.
We have been using our own token-system for quite some time and in various (but not all) places on our website, but our frontpage token-system suffered from some serious drawbacks.
Caution: The documentation you are viewing is for an older version of Zend Framework.