> -----Message d'origine----- > De : Haydar Tuna [mailto:haydartuna@xxxxxxxxx] > Envoyé : mardi 13 mars 2007 14:53 > À : php-general@xxxxxxxxxxxxx > Objet : Re: question regarding form filtering > > Hello, > You can write some basic functions such as checking > length of variable, removing special character, checking > number or string, trimming blank lines and so on. And then > you can use this functions together and you can write new > functions. For example, if you want to check number (such as > digit count is 4), you can write like a > checknumber($number,$digit). With this function, you can use > like length of variable function, removing special character > function, checking number or string function and trimming > blank lines function together. :) Sure i hear you, have been their and done that in the past. Maybe the situation i am in will help describe why i am going for regular_expressions.. I have made a form generation/(soon to be)validation class with integrated contextual help via javascript info popups. I would like to offer the possibility of javascript validation for those that have it enabled, for obvious pratical reasons being less work load on server if each does his own validation on client-side, and of course server-side validation for security reasons.. Now my forms are made like this: // options array for new form $form_options = array( 'name' => 'parametres_site', 'aide' => 'Enregistrer les modifications apportés aux coordonées de l\'entreprise', 'bouton' => 'Mettre à jour les paramètres' ); // initialize form class and add new form $form = new formulaire($this->debug_mode,$form_options); // initialize inputs array $input_options = array(); // add an text input with various options based on its type (default values are not listed) $input_options[] = array( 'name' => 'nom', 'type' => 'text', 'maxlength' => '35', 'size' => '35', 'label' => 'Votre nom :', //label 'regexp' => '/^[a-zA-Z1-9_- ]{0,35}$/', //regexp for content filtering 'newline' => 0, //no new line (next input on same line) 'aide' => 'Le nom qui apparaîtra que votre site', //contextual help msg 'erreur' => 'Mauvais caractères dans le nom' //error msg in case bad input based on regexp ); $form->add_inputs($input_options,'parametres_site'); // generate form and if success assign html_form to $content if ($form->generer_formulaire('parametres_site')) { $content = $form->html_forms['parametres_site']; } // echo the form to the page Echo $content; Ok so my reason being for using regexp is that by defining a regexp my class can also use this regexp to generate the javascript needed to validate the each form on the page as opposed to writing the same functions in both php and javascript (class permits unlimited number of forms on one page). My process would be: 1. Display blank form (generate javascript necessary for client-side form validation using regexp) 2. Submit form to javascript filtering 3. If JS filter success then send to php filtering 4. Stock all temporary inputs in $formvars array 5. Match each $formvars against regexp 6. Do something with validated data My goal is to make this general and not have to write a function for each "type" of input, am happier writing a short regexp for each input than writing a new function for each typei could come across... NOW, my original question is why should I or should not use regexp?? Is their a performance hit or not? Why do i not see anyone just using regexp instead of going through htmlentities() stripslashes() striptags(), i mean, if the regexp doesnt validate it then its wrong.. Period.. User friendliness maybe? Try to make it easier for the person filling the form? Am stumped, can't seem to find the real reason... Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
