important to note that this user input is something that after validation & sanitation – will be inserted into a database, and later on be shown to other users on the same web site. (example: a forum) I’m referring to both a case when I know in advanced what’s the length I should expect from the user and a case in which I don’t but know vaguely that’s not more than 100 length. I’m trying to figure out if there is any security advantages for checking user input length in PHP. taking into account I’m already validation & sanitation user input based on the type of content I’m expecting using regex. I know this differs from language to language to I want to refer to PHP this time, but any referring to other language like Java, .NET, python etc. would be fine.