No problem, this is what I've currently been doing. However, I am just using the following which just requires an input.
<input name="vipFirstName_<?php echo($wa_startindex); ?>" type="text" class="form-control" id="vipFirstName_<?php echo($wa_startindex); ?>" value="<?php echo $WADAourbigday_vips->getColumnVal('VIP_FirstName'); ?>" required oninvalid="this.setCustomValidity('You must provide a first name')" oninput="setCustomValidity('')">
However, this means users could enter some unwanted characters < >$%* etc.
As you've pointed out they need to be authorised and so it is very unlikely but would be useful to know.
Many thanks,
Tom