so where have you got to
in a traditional web applciation you have several PHP scripts targeting different operations
1 displays the the data / data entry
2 called from 1 validates the data, and decide where to pass control (back to 1 if there are errors, or onto 3 to perform the update
3 perform updates (could be rolled up into script 2)
there may be additional scripts which do some searching or record selection
script 1 usually targets HTML code which runs on the client PC, scripts 2 & 3 target PHP code which runs ont he server and does "soemthing" which the client doens't necessarily see
all this can be flung up in the air if your applciation and userbase can support AJAX
first off I'd suggest you write the display script (using a form, might involve tables (even though they are frowned upon by HTML purists), still a heck of a lot easier to layout than CSS in my view). then the action in the form calls the validation script. then decide how you will handle errors (ie how willl you provide feedback to the user that their data is invalid (and perhaps more important WHY its invalid))
then and only then consider writing data to your tables, bear in mind that user data shouldn't be trusted so you need to explciitly check that any response formt he users is appropriate to your application, and postiviely exclude invalid data.
so what do you validate.
say you have an address, your business rules may say it must have at least 2 lines (each line of at least 10 characters) and a postcode.
so the validation rules are:-
check for valid characters, or if your prefer invlaid characters (a standard address usually can contain the following characters A-Z,a-z,0-9 spaces, commas, full stops and possibly a hyphen. I don't know of any address that uses a semicolon so check if that is present
check the number of characters
you will find the regular expressions (REGEXP usefull if incomprehensible at first) a nifty trick if you are concerned about minimum string length is to remove any invalid characters and then compare the remaining string length against your target.
why check for semi colons, well a classical means of cracking a site is an SQL injection attack where the crackers attempts to break your system by submitting false data.
if its a date you are requesting then check its a valid date (bear in mind to the user what they think of as a valid date format may be differnet to what you expect (eg they could use dd/mm/yyyy (as god intended), OR mm/dd/yyy, yyyy/mm/dd, dd mmm yyyy you cant cotmnrol that unkless you expressly use say 3 text boxes)
look at the PHP documentation
look at simple examples of how to write scripts
consider buying a simple book on PHP (and possibly a complex book whilst you are at it), the simple books will get you going with some noddy examples which will give you a flavour of what PHP can do, and then the complex book can be more of a reference.
look at websites which can offer classes (eg phpclasses, PEAR etc) which can save you some time in doing repetitive tasks (eg data validation). if you are experienced enough, consider writing your own calsses to handle soemthing that you need to use in more than one script.
be carefull to target the right version(s) of PHP and MySQL, ie the versions that the ISP you are using for the site supports. There is little point in writing code that works on PHP5, or MySQL 5, if your ISP supports PHP 4 & MySQL 3.23.xx. You may have a development system that works finje, but unusable in the production environment. Its pointeless unsing the PHP5 object syntax if your ISP limits you to V4 syntax (and there is abig differnece between the two
if you are OOP minded then make use of classes, if you aren't then it may not be worth the hassle of learning PHP objects. its up to you
I'd rather be riding on the Tiger 800 or the Norton