Search the Community
Showing results for tags 'validation'.
-
Hello, This chapter contains this tip: "One thing most beginner developers don’t realize is that it’s possible—in fact, quite easy—for a hacker to submit data to your PHP script without using your intended HTML form. For this reason, it’s important that you validate the existence of expected variables (i.e., that they are set), their type, and their values." I take it that the example presented in Script 6.7 demonstrated how to validate the fields? So that there would be no need to use the function isset in this particular case for example? Thank you.
-
I have a contact form on my site. I'm using the book's methods to validate POST data from a textarea input field called "contact_info".

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        ...
        if (empty($_POST['contact_info'])) {
            $contact_errors['contact_info'] = 'Please enter a comment.';
        } elseif (preg_match('/^[A-Za-z0-9.,\-$?!]*$/', $_POST['contact_info'])) { // hyphen escaped so it is a literal, not a ",-$" range
            $_POST['contact_info'] = str_replace(' ','',$_POST['contact_info']); //remove all spaces
            $_POST['contact_info'] = trim($_POST['contact_info']); //remove any space before or after any characters
            $_POST['contact_info'] = escape_data($_POST['contact_info'], $dbc);
            // add htmlspecialchars ???
            // anything else ???
        } else {
            $contact_errors['contact_info'] = 'Your comment contains inappropriate characters. Allowable characters include letters a to z, letters A to Z, numbers 0 to 9, as well as, period, comma, exclamation mark, question mark, dollar sign and hyphen.';
        }
        ...
    }

    <form method="post" accept-charset="utf-8">
        ...
        <?php create_contact_form_input('contact_info', 'textarea', $contact_errors); ?>
        ...
    </form>

What is the most secure way to validate user input from a textarea field?
-
Hello, I'm new to this forum thanks to a stupid problem I've been struggling with in the past couple of days. Now please keep in mind that I'm a newbie PHP dev, as in I'm working on a school project and sadly there's nobody who could give me a hand there. I need to warn you that my code uses the mysql functions, not mysqli or whatever else, since I'm using XAMPP and I don't really need to upgrade to the newest version.

So, the problem is this: for some reason I can't seem to be able to validate my radio button group or my select field (drop down list). If I don't validate, will my data be sent to the db anyway? Because that would be the better option. If not, could you please help me out? Here's my code:

    <?php
    $query_fill_table = "SELECT `movie_title`, `play_time_1`, `play_time_2`, `play_time_3` FROM `on_screen`";
    if($query_fill_table_run = mysql_query($query_fill_table))
    {
        echo '<table border="1">
            <tr>
                <th>Movie Title</th>
                <th>Show Times</th>
                <th>Number of Seats</th>
            </tr>';
        while($query_rows = mysql_fetch_assoc($query_fill_table_run))
        {
            echo '<tr>';
            echo '<td>'.$query_rows['movie_title'].'</td>';
            echo '<td>';
            ?>
            <form action="make_reservation.php" method="POST">
                <input type = "radio" name = "showtimes" value = "1"><?php echo $query_rows['play_time_1'];?>
                <input type = "radio" name = "showtimes" value = "2"><?php echo $query_rows['play_time_2'];?>
                <input type = "radio" name = "showtimes" value = "3"><?php echo $query_rows['play_time_3'];?>
            </form>
            <?php
            echo '</td>';
            echo '<td>';
            ?>
            <form action="make_reservation.php" method="POST">
                <select name = "seats">
                    <option value="0"></option>
                    <option value="1">1</option>
                    <option value="2">2</option>
                    <option value="3">3</option>
                    <option value="4">4</option>
                    <option value="5">5</option>
                </select>
            </form>
            <?php
            echo '</td>';
        }
        echo '</table>';
        if(isset($_POST['showtimes'], $_POST['seats']))
        {
            $showtimes = $_POST['showtimes'];
            $seats = $_POST['seats'];
            //this is just a check
            if($showtimes==1)
            {
                echo 'ok';
            }
        }
        else
        {
            echo 'not ok.';
        }
    }
    ?>
    <form action="make_reservation.php" method="POST">
        <input type="submit" value="Submit reservation">
    </form>

This isn't the complete code, but it is the validation section which is what seems to not be working. I will greatly appreciate any opinions. Thanks! ~Vanya D.
- 2 replies
- Tagged with: radio buttons, select fields (and 1 more)
-
Hi. First off, this is in regards to the exercise dealing with using a foreach loop instead of implode(). I was having trouble with it, and of course looked up what was posted here already, but I want to do more. By that I mean I wanted to validate that the form data was not empty, had no numbers, and had a minimum of five words that will of course be alphabetized (though I'd rather be doing some analysis with it for simple patterns like the avg number of characters by word, number of vowels, number of consonants, but let me just be simple about it for now). Here's the code (just a note, to give credit where it's due this is code I've altered that was posted here originally):

    $flag = true;
    $words_Array = $_POST['words'];
    $count1 = count($words_Array);
    // turn the incoming string, $_POST['words'], into an array and validate:
    if (empty($words_Array) || (is_numeric($words_Array) ) || ($count1 < 5) ) {
        print "<p>Please enter at least five words and no numbers.</p>";
        $flag= false;
    } else {
        $words_Array = explode (' ', $_POST['words']);
    }
    //sort the words alphabetically
    if ($flag) {
        sort($words_Array);
    }
    if ($flag) {
        print "<p>An alphabetized version of your list is: ";
        foreach ($words_Array as $key => $value) {
            print "<br />\n $value ";
        }
    }
    print "</p>";
    ?>

Now, I've run this code and whether I enter five words or four words and a number, it still runs the print statement inside the first if statement "Please enter at least five words and no numbers." So what am I missing here logic-wise? Also I'm thinking this code could be much cleaner without having to be redundant by using three separate if statements, would an if-elseif-else be a good choice/best practice? Lastly, can validation be done without using a boolean "flag" variable? Assistance is greatly appreciated.
- 3 replies
- Tagged with: validation, foreach (and 1 more)
-
Is there any way to validate a normal chtml text field (Chtml::textField declared without any model class) and display a message on the same page if the user leaves it blank and clicks a submit button? Here is the code:

    <?php echo CHtml::beginForm(array('transaction/disp'),'Post'); ?>
    <div class="row">
        <?php echo CHtml::label('Transaction Status','trst'); ?>
    </div>
    <div class="row">
        <?php echo CHtml::textField('trst','',array('id'=>'trst','size'=>10)); ?>
    </div>
    <?php echo CHtml::submitButton('Submit', array('id'=>'submit','name'=>'submit')); ?>
    <?php echo CHtml::endForm(); ?>
-
Larry, in your 4th edition of PHP and MySQL for Dynamic Web Sites, you use several times the FILTER_VALIDATE_INT filter with the filter_var() function in order to validate form input as positive integers (that is, natural numbers excluding zero, depending on whether you count zero as a natural number). To accomplish this you write in your book:

    filter_var($var, FILTER_VALIDATE_INT, array('min_range' => 1))

However, according to the PHP function reference, the third argument passed to the filter_var() function needs to be an associative array named $options. Inside this array you should then create another array and define the options there. So you would write:

    filter_var($var, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))

You can also establish the 'max_range' option for this type of filter. A complete list of available filters to be used with filter_var() can be found here. Options to be established for validate filters can be found here. I have tested this in PHP 5.3.8 (can someone test using other PHP versions?) and when using the approach specified in the book, PHP ignores the third argument (it does not complain strangely enough) and will accept negative numbers (not zero however).
- 4 replies
- Tagged with: filter_var(), filter_validate_int (and 1 more)
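
The difference described in the post above, as an added example that is not from the book or from the poster: the same constructed inputs are run through both argument shapes, next to a hypothetical helper `positive_int()` that puts the range under `'options'` and compares the result with `false` explicitly.

```php
<?php
// Added example; positive_int() is a hypothetical helper name, not the book's code.

/**
 * Returns the validated integer, or null when $raw is not an integer
 * inside [$min, $max] ($max is optional).
 */
function positive_int($raw, int $min = 1, ?int $max = null): ?int
{
    $options = ['min_range' => $min];
    if ($max !== null) {
        $options['max_range'] = $max;
    }
    // Range limits are only honoured when nested under the 'options' key.
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => $options]);

    // Compare with false explicitly: a valid integer 0 is falsy, so a plain
    // truthiness check would confuse "zero" with "validation failed".
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they would arrive in $_POST (always strings).
$samples = ['3', '0', '-5', '6', '2.5', 'abc', ''];

foreach ($samples as $raw) {
    // Flat array, the form quoted from the book: min_range is not applied.
    $flat = filter_var($raw, FILTER_VALIDATE_INT, ['min_range' => 1]);
    // Nested array, the form from the PHP manual: min_range is enforced.
    $wrapped = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    printf(
        "%-6s flat=%-6s wrapped=%-6s seats(1..5)=%s\n",
        var_export($raw, true),
        var_export($flat, true),
        var_export($wrapped, true),
        var_export(positive_int($raw, 1, 5), true)
    );
}
```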
-
My form validation refused to stop the submit event after acknowledging ‘alert’. This is the conclusion of the validation script:

    if (problem == 'No'){
        return true;
    }else{
        alert(alerts);
        return false;
    }

After much trial and error, the following script does stop the 'submit' event:

    event.returnValue=false;

This tip might help others. I don't recall seeing this solution in the book. I have no idea why it is needed but it is required with my script. Maybe there is some error or 'event bubbling' but I cannot find the error. My form is complex with several event listeners. This is a great book explaining javascript and the best approach to using javascript. Thank you Larry.
-
First off, what a well written technical book! Thanks Larry. I'm working on a project that currently uses JavaScript validation. The page will have PHP functionality later, but after reading chapter 6's validation examples, I got to thinking . . . Can I have slicker AJAX style same page validation using PHP? This would put the error messages in the same page after form field completion but before submission. I saw an example elsewhere that essentially points the action to the same page, but it used a lot of "include" scripting. The validation scripting in the book is so simple, yet the JavaScript currently being used in my project seems so unnecessarily clunky. So, in short, what is the easiest way to augment the validation example in the book for same page validation? Would it be more efficient than AJAX validation?
- 1 reply
- Tagged with: control structures, validation (and 3 more)
-
Great book. In the form examples throughout the book you recommend combining the form and validation and checking to see if the form has been submitted by using -

    if ($_SERVER['REQUEST_METHOD'] == 'POST')

When I try that I get error messages telling me that the variables haven't been defined yet. That's because the form hasn't been submitted yet! I thought you said that the server function would just be empty if there was nothing to request (i.e., before submission)? Am I missing something? Thanks, Arnie