Validating a password in php
It is always recommended to prevent attacks as early as possible in the processing of the user’s (attacker's) request.Input validation can be used to detect unauthorized input before it is processed by the application.It is very difficult to validate rich content submitted by a user.For more information, please see the cheatsheet on Sanitizing HTML Markup with a Library Designed for the Job.Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets, from suppliers, partners, vendors or regulators, each of which may be compromised on their own and start sending malformed data.Input Validation should not be used as the primary method of preventing XSS, SQL Injection and other attacks which are covered in respective cheat sheets but can significantly contribute to reducing their impact if implemented properly.White list validation is appropriate for all input fields provided by the user.
For more information on XSS filter evasion please see the XSS Filter Evasion Cheat Sheet.
To normalise an email address input, you would convert the domain part ONLY to lowercase.
Unfortunately this does and will make input harder to normalise and correctly match to a users intent.
If it's well structured data, like dates, social security numbers, zip codes, e-mail addresses, etc.
then the developer should be able to define a very strong validation pattern, usually based on regular expressions, for validating such input.