Before you use input, it is a good idea to validate it for malicious content before use.

So you would make a validation function, which would then contain which validation checks?
- mysql_real_escape_string
- addslashes / stripslashes
- get_magic_quotes_gpc
- html_entities
- etc

Anything else you think I should or shouldn't be checking?

Test code:

function valid($value) {
 // mysql_real_escape_string() returns the escaped copy; it does not change $value in place
 $value = mysql_real_escape_string($value);
 $value = stripslashes($value);
 // etc ($value)
 // etc ($value)
 return $value;
}

Thanks, Regards X

Note: Assumption is the variable is being inputted into a database


Apart from that, if you are sure that the 'input' is an integer, you can validate it using is_numeric.

I'll add is_numeric nav, thanks.

Anything else?

Trying to throw around ideas before I create a function, correction: attempt to :D

You can also preg_match a specific set of characters/letters/numbers so that if certain characters are found in the string that should never exist then it would fail the function test. An example is the following that checks if characters other than A-Z a-z 0-9 +-/\* are found. So the example is:

<?php
// Reject the value if it contains anything other than A-Z a-z 0-9 + - / *
// (the hyphen and slash are escaped so "+-/" is not read as a character range)
if (preg_match('/[^a-zA-Z0-9+\-\/*]/is', $value)) {
return false;
} else {
return true;
}
?>

So to place that in your script it would be the following:

<?php
function valid($value) {
// needs an open mysql connection; the escaped copy is what gets returned
$value = mysql_real_escape_string($value);
if (preg_match('/[^a-zA-Z0-9+\-\/*]/is', $value)) {
return false;
} else {
return true;
}
}
?>

So basically you can decide what characters are and are not allowed except for the \ and ^ character which is used in the mysql_real_escape_string. Also note that the ^ character must be right after the bracket.


Nice little function cwarn, thanks.

So implementing cwarn's function with the mysql commands, there's not much else left to validate against, eh?

Kinda, but if you do use the * symbol (maybe a few others too) then you may want to check what surrounds it, because I have heard that there are a few weird combinations that, when placed into the date() function, can delete your website. I only briefly came across that but would need to search the web for more info if you would like it. Generally though that should do the trick.

I know this is a bit basic, but for many fields where the user inputs longer data (subject line, or textarea input), I always use the function trim() to delete all whitespace and line breaks before and after the text. This isn't exactly malicious, but useful to me nevertheless.

I also use substr_count() to check to see if a specific keyword is in a string more than X times. I create an array of words like "viagra" and so on, and I check to see if it's in the string more than twice. If it is, then I just don't accept it.
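The whitelist check from cwarn's reply and the trim()/substr_count() checks in the reply above, combined into one validator as an added example (this is not code from the thread). It assumes PHP 7.1 or later and a hypothetical `comments(user_id, body)` table; the blacklist words and sample inputs are constructed. The integer check uses FILTER_VALIDATE_INT rather than is_numeric(), because is_numeric() also accepts "1e3", "0.5" and leading whitespace. Escaping for SQL is left to the query itself, through a prepared statement, since mysql_real_escape_string() needs an open connection, returns the escaped copy instead of changing its argument, and was removed in PHP 7.

```php
<?php
// Added example: validate on input, escape at the point of use.

/**
 * Return the trimmed value when it contains only A-Z a-z 0-9 + - / *,
 * or null when any other character appears or the value is empty/too long.
 * The hyphen and slash are escaped so PCRE does not treat "+-/" as a range
 * (an unescaped "+-/" would also let "," and "." through).
 */
function valid_text(string $value, int $maxLen = 255): ?string {
    $value = trim($value);                      // drop surrounding whitespace and line breaks
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    if (preg_match('/[^a-zA-Z0-9+\-\/*]/', $value)) {
        return null;                            // disallowed character found
    }
    return $value;
}

/**
 * Strict integer check with an optional range; returns null on failure.
 */
function valid_int(string $value, int $min = 0, int $max = PHP_INT_MAX): ?int {
    $result = filter_var(trim($value), FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $result === false ? null : $result;
}

/**
 * True when any listed word occurs more than $limit times (case-insensitive),
 * the substr_count() idea from the reply above.
 */
function too_spammy(string $value, array $words, int $limit = 2): bool {
    $haystack = strtolower($value);
    foreach ($words as $word) {
        if (substr_count($haystack, strtolower($word)) > $limit) {
            return true;
        }
    }
    return false;
}

/**
 * Store an already-validated value. SQL escaping happens here, at the query,
 * through a prepared statement; the validators above never touch the database.
 * (Hypothetical table: comments(user_id, body).)
 */
function store_comment(mysqli $db, string $text, int $userId): bool {
    $stmt = $db->prepare('INSERT INTO comments (user_id, body) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $userId, $text);
    return $stmt->execute();
}

// Constructed sample inputs.
$samples = [
    "  hello+world/2  ",        // accepted after trim()
    "1; DROP TABLE users--",    // ';' and ' ' are not whitelisted
    "a,b",                      // ',' would slip through an unescaped "+-/" range
    str_repeat('x', 300),       // over the length limit
];
foreach ($samples as $s) {
    $ok = valid_text($s);
    printf("%-28s => %s\n", substr(json_encode($s), 0, 28),
        $ok === null ? 'rejected' : "accepted: $ok");
}
var_dump(valid_int('42'), valid_int('1e3'), valid_int(' 7 '));
var_dump(too_spammy('Viagra viagra VIAGRA cheap', ['viagra']));
```

Run it from the command line with `php validate.php`; the database part is only exercised when you pass a live mysqli connection to store_comment(). The split matters: a whitelist can decide what a field may contain, but it cannot know whether the value is headed for SQL, HTML or JavaScript, so encoding for each of those contexts belongs where the value is used.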

Ya, nice input. There are a few of what I know of for that form of validation:
- html
- javascript
- php

Could you explain in more detail and make the question a little clearer? All that I can tell is that you might want a PHP and JavaScript script that might validate an HTML form. What I don't know is how it's to be validated and what is to be validated, and I'm not even sure if the question I pieced together is correct.

Oh no, it isn't a question, just a statement: that you can use those technologies for similar validation (other topics for that validation).

On a side note can you please order 2 of those computers on your wish list :D