i need to validate a field in a form where a user enters a reference number
this can be letters, numbers and special characters also so i have not
written any special preg match as the username is a combination. the only
check i am doing is if there are any white spaces and if a user simple
presses the space bar and does not enter value i display a message to enter
the reference number and even if there are white spaces followed by the
reference number i have used trim method. i have checked in the database
even if there are white spaces followed by reference number due to trim()
method the data in the table is being inserted whithout those white spaces.
following is the code i am presently using
$referencenumber = trim($_POST["referencenumber"]);
if(strlen($referencenumber) == 0)
{
$error.="<li>Reference number cannot be blank </li> <br />";
}
this code works perfectly fine and does what it is supposed to, however i am
using techniques to avoid sql injection. following is the technique i have
used
if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST["username"]);
}
else
{
$username = $_POST["username"];
}
due to this even if i use
if(get_magic_quotes_gpc())
{
$lodgementnumber = stripslashes($_POST["lodgementnumber"]);
}
else
{
$lodgementnumber = trim($_POST["lodgementnumber"]);
}
if(strlen($lodgementnumber) == 0)
{
$error.="reference number cannot be blank;
}
the validation is not doing what it does in the code i mentioned at the
begining.
i need to use techniques to avoid sql injection and i also need the
validation to work.
how can i fix this.
please advice.
thanks.
