
Theme my login validate profile page?


I am using the Theme My Login WordPress plugin. Using the custom pages, I have added my own registration fields and validated them with no issues.

However, I have worryingly discovered that corrupt code can be added and updated to the profile page once a user is registered. I am wondering if there is the same offering for the profile page in terms of validation as there is for the registration?


Solution

  • The best way would be to use the "Theme My Login" template pages; it already has the registration and profile parts. You can add and remove fields to your liking and also style it. Here is a tutorial for that: http://www.jfarthing.com/development/theme-my-login/adding-extra-registration-fields/.

    If you have your custom-built profile page, then I suggest you use wpnonce to check the validity of the POST requests. Secondly, use WordPress's own functions for fetching and updating data. Functions like get_user_meta and update_user_meta, these come built in with all the validation and you don't have to worry about it.

    EDIT: I have written this code to demonstrate how to use a nonce field and then how to check the validity of the nonce field (by default, nonces are valid for 24 hours). The code below adds a form and asks for the user's height. The first PHP part won't run until the POST request has been made. Once the request has been made, it checks the integrity of the request. If all conditions are met, it will add a new meta field in the database called 'user_height', which will be updated every time the user changes it. Once the height has been set, it will also auto-populate this in the input box, so they can see what their current height is. I hope this code covers all your doubts about showing user meta, adding/updating user meta and also validating nonces.

    <?php
    // Assumption: the profile being edited belongs to the logged-in user.
    $user_id = get_current_user_id();

    // Run only once the form has been submitted, then verify the nonce.
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
       if ( ! isset( $_POST['get_user_height'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['get_user_height'] ) ), 'user_body_built' ) ) {
          print 'Sorry, the request cannot be verified.';
          exit;
       }
       if ( ! empty( $_POST['user_height'] ) ) {
          // Remove slashes, tags and control characters before storing the value.
          update_user_meta( $user_id, 'user_height', sanitize_text_field( wp_unslash( $_POST['user_height'] ) ) );
       }
    }

    // Fetch the previously saved height of the user, if any.
    $user_height = get_user_meta( $user_id, 'user_height', true );
    ?>
    <form method="post">
       <?php // If a height was already set, show it; esc_attr() keeps stored markup out of the attribute. ?>
       <input type="text" name="user_height" <?php if ( $user_height ) { echo 'value="' . esc_attr( $user_height ) . '"'; } ?> placeholder="enter your height">
       <?php // Generate the nonce field that is checked on the POST request. ?>
       <?php wp_nonce_field( 'user_body_built', 'get_user_height' ); ?>
    </form>
    

    Second EDIT (showcasing how to use existing registration fields on the profile page; replace the input names with the ones on the registration page): Just add this code in your profile page or functions.php and it will automatically show these fields in the profile page.

    function tml_edit_user_profile( $profileuser ) {?>
        <p>
            <label for="phone_number">Phone Number</label>
            <!-- replace name attribute with the ones used on registration page -->
            <input id="phone_number" type="text" name="phone_number" value="<?php echo esc_attr( $profileuser->phone_number ); ?>" />
        </p>
        <?php
    }
    add_action( 'edit_user_profile', 'tml_edit_user_profile' );
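
The snippet above only displays the field, so here is an added example (not part of the answer or of Theme My Login) of validating and saving `phone_number` when the profile is updated. It assumes the profile form is processed through WordPress's standard profile hooks (`user_profile_update_errors`, `personal_options_update`, `edit_user_profile_update`); the `example_*` function names and the phone format rule are hypothetical.

```php
<?php
// Added example, not from the answer or from Theme My Login.
// All example_* function names and the phone format rule are assumptions.

// Return the normalized phone number, or false when the input is not acceptable.
function example_validate_phone( $raw ) {
    if ( ! is_string( $raw ) ) {
        return false; // e.g. phone_number[]=... submitted as an array
    }
    $value  = sanitize_text_field( wp_unslash( $raw ) );
    // Drop common separators, then allow-list: optional "+" and 7 to 15 digits.
    $digits = preg_replace( '/[\s().-]+/', '', $value );
    return preg_match( '/^\+?[0-9]{7,15}$/', $digits ) ? $digits : false;
}

// Block the profile update and show an error when the submitted number is invalid.
function example_check_profile_phone( $errors, $update, $user ) {
    if ( ! $update || empty( $_POST['phone_number'] ) ) {
        return;
    }
    if ( false === example_validate_phone( $_POST['phone_number'] ) ) {
        $errors->add( 'phone_number', '<strong>ERROR</strong>: Please enter a valid phone number.' );
    }
}
add_action( 'user_profile_update_errors', 'example_check_profile_phone', 10, 3 );

// Store the field. In wp-admin these save hooks fire before the error check above,
// so the value is validated again here and invalid input is never written.
function example_save_profile_phone( $user_id ) {
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return; // the current user may not edit this profile
    }
    if ( ! isset( $_POST['phone_number'] ) || ! is_string( $_POST['phone_number'] ) ) {
        return;
    }
    if ( '' === trim( wp_unslash( $_POST['phone_number'] ) ) ) {
        delete_user_meta( $user_id, 'phone_number' ); // field cleared by the user
        return;
    }
    $phone = example_validate_phone( $_POST['phone_number'] );
    if ( false !== $phone ) {
        update_user_meta( $user_id, 'phone_number', $phone );
    }
}
add_action( 'personal_options_update', 'example_save_profile_phone' );  // own profile
add_action( 'edit_user_profile_update', 'example_save_profile_phone' ); // another user's profile
```

Escaping on output with `esc_attr()` is still needed when the stored value is printed back into the form, since meta written by other code paths may not have passed this check.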