Before we move on to cleaning up the controller, let's first take a moment to review form validation. At the moment, our controller doesn't care what the user types into each input. We assign each provided value to a property and attempt to throw it in the database. You should never do this. Remember: when dealing with user-provided data, assume that they're being malicious.