Validating input?
Before you use input, it is a good idea to validate it for malicious content before use.
So you would make a function validation, which would then contain what validation checks?
- mysql_real_escape_string
- addslashes / stripslashes
- get_magic_quotes_gpc
- html_entities
- etc
Anything else you think I should or shouldn't be checking?
Test code:
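```php
function valid($value) {
    // Undo magic-quotes slashes first; stripping after escaping would remove the escaping
    $value = stripslashes($value);
    // Escape for a MySQL string literal (legacy mysql_* API, needs an open connection)
    $value = mysql_real_escape_string($value);
    // etc ($value)
    // etc ($value)
    return $value;
}
```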
Thanks, Regards X
Note: Assumption is the variable is being inputted into a database
Last edited by OmniX; Mar 5th, 2009 at 11:39 pm.
"You never stop learning." - OmniX
Apart from that, if you are sure that the 'input' is an integer, you can validate it using is_numeric.
Ignorance is definitely not bliss!
*PM asking for help will be ignored*
I'll add is_numeric nav, thanks.
Anything else?
Trying to throw around ideas before I create a function, correction attempt to
"You never stop learning." - OmniX
You can also preg_match a specific set of characters/letters/numbers so that if certain characters are found in the string that should never exist then it would fail the function test. An example is the following that checks if characters other than A-Z a-z 0-9 +-/\* are found. So the example is:

```php
<?php
// '#' is the delimiter so that '/' can be listed inside the character class;
// '-' is escaped so it is a literal hyphen and not a range
if (preg_match('#[^a-zA-Z0-9+\-/\*]#is', $value)) {
    return false;
} else {
    return true;
}
?>
```

So to place that in your script it would be the following:

```php
<?php
function valid($value) {
    // The escaped string is not kept here; the function only reports
    // whether $value passes the character check below
    mysql_real_escape_string($value);
    if (preg_match('#[^a-zA-Z0-9+\-/\*]#is', $value)) {
        return false;
    } else {
        return true;
    }
}
?>
```

So basically you can decide what characters are and are not allowed except for the \ and ^ character which is used in the mysql_real_escape_string. Also note that the ^ character must be right after the bracket.
Last edited by cwarn23; Mar 6th, 2009 at 2:38 am.
Try not to bump 10 year old threads as it can be really annoying.
http://syntax.cwarn23.net/
My favourite PC. - Oopy Doopy Do 2U2!
Nice little function cwarn, thanks.
So implementing cwarn's function with the mysql commands, there's not much else left to validate against eh?
"You never stop learning." - OmniX
Kinda but if you do use the * symbol (maybe a few others too) then you may want to check what surrounds it because I have heard that there are a few weird combinations that when placed into the date() function it can delete your website. I only briefly came across that but would need to search the web for more info if you would like it. Generally though that should do the trick.
Try not to bump 10 year old threads as it can be really annoying.
http://syntax.cwarn23.net/
My favourite PC. - Oopy Doopy Do 2U2!
I know this is a bit basic, but for many fields, where the user inputs longer data (subject line, or textarea input), I always use the function trim() to delete all whitespaces and line breaks before and after the text. This isn't exactly malicious, but useful to me nevertheless.
I also use substr_count() to check to see if a specific keyword is in a string more than X times. I create an array of words like "viagra" and so on, and I check to see if it's in the string more than twice. If it is, then I just don't accept it.
Ya nice input, there is like a few of what I know of that form of validation:
- html
- javascript
- php
"You never stop learning." - OmniX
Could you explain in more detail and make the question a little clearer. All that I can tell is that you might want a php and javascript script that might validate a html form. What I don't know is how it's to be validated and what is to be validated and not even sure if that question I pieced together is correct.
Try not to bump 10 year old threads as it can be really annoying.
http://syntax.cwarn23.net/
My favourite PC. - Oopy Doopy Do 2U2!
Oh na isn't a question, just a statement. That you can use those technologies for similar validation (other topics for that validation).
On a side note can you please order 2 of those computers on your wish list
"You never stop learning." - OmniX
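The checks suggested in this thread (integer check, character allow-list, trim, keyword count) combined into one sketch, as an added example that is not any poster's code. The field names, limits, sample input and the in-memory SQLite database reached through PDO are assumptions chosen so it runs stand-alone; it binds the value with a prepared statement instead of calling the legacy mysql_real_escape_string.

```php
<?php
// Added example: validate each field against what it should be, then let a
// prepared statement handle SQL quoting. Field names are hypothetical.

// Integer field: is_numeric() also accepts "1e3" and "4.2", so use FILTER_VALIDATE_INT.
function valid_int($value, $min, $max) {
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $int = filter_var(trim((string)$value), FILTER_VALIDATE_INT, $opts);
    return $int === false ? null : $int;
}

// Short text field: trim, enforce a length limit, then allow-list characters.
// '#' is the delimiter so '/' can appear in the class; \A...\z anchors the
// whole string (a bare $ would also match before a trailing newline).
function valid_token($value, $maxLen) {
    $value = trim((string)$value);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return preg_match('#\A[a-zA-Z0-9+\-/*]+\z#', $value) === 1 ? $value : null;
}

// Free text: true when any listed keyword appears more than $limit times.
function keyword_flood($text, array $keywords, $limit) {
    $lower = strtolower($text);
    foreach ($keywords as $word) {
        if (substr_count($lower, strtolower($word)) > $limit) {
            return true;
        }
    }
    return false;
}

// Constructed sample input, as it might arrive in $_POST.
$input = ['qty' => '1e3', 'code' => "ab/12' OR '1'='1", 'note' => "it's fine"];

var_dump(valid_int($input['qty'], 1, 100));   // '1e3' passes is_numeric() but is not an integer
var_dump(valid_token($input['code'], 32));    // quote and space are outside the allow-list
var_dump(keyword_flood($input['note'], ['viagra'], 2));

// Validation does not replace SQL quoting: the apostrophe in 'note' is
// legitimate text. A bound parameter stores it without string escaping.
$db = new PDO('sqlite::memory:');   // assumption: the pdo_sqlite driver is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$input['note']]);
var_dump($db->query('SELECT body FROM notes')->fetchColumn());
```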