It should validate the password if not given, then it should check the confirm password field if empty or not and after this, the confirm password should match the password with the text or password given in the password field. These pages will show how to process PHP forms with security in mind.The stuff I learn on non-critical optimization often helps me when I do have a bottleneck.I will not be implementing something just because it is faster.
I can't think of a likely scenario where such an error would be introduced by copy and pasting (though that might just be my lack of imagination, of course).If the REQUEST_METHOD is POST, then the form has been submitted - and it should be validated.If it has not been submitted, skip the validation and display a blank form. Unfortunately, too many do it like this: wrong, there’s now no excuse for getting it wrong at all. We all know to encrypt passwords for highest level of security.