Re: Form Validation filter - Regex Q

Haig Davis wrote:
 Morning All,

I've been fighting with this little problem for two days now, so far no luck
with Google and am beginning to question my own sanity.

I have an application that has over one hundred forms, some quite lengthy, so
what I'm trying to achieve, rather than writing a bunch of individual
sanitize statements then form validation statements, is that I could run $_POST
through a foreach loop and filter the values by form class, i.e. is it an
email address or simply a text block with letters and numbers. The regexes
alone work fine, as does the foreach loop; the only issue I have is the IF
statement comparing $key to expected variable names.

Here's the bit of code involved.

if(isset($_POST['submit'])){
        foreach($_POST as $keyTemp => $valueTemp){
            $key = mysqlclean($keyTemp);
            $value = mysqlclean($valueTemp);
            $$key = $key;
            $$key = $value;

            if($key != ("$customerServiceEmail") || ("$billingEmail") || ("$website")){
                if(preg_match("/[^a-zA-Z0-9\s]/", $value)){
                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;

                }
            }
            if($key = ("$customerServiceEmail") || ("$billingEmail")){
                if(preg_match("/^([a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4})*$/", $value)){
                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;
                }
            }

        }
}

Thanks for taking a peek.

Haig


1] PEAR has several classes that will help you avoid reinventing the wheel.

2] I always, when possible, restrict what users are allowed to enter. Then, I simply delete or warn them about anything that is not permissible. E.g., they can enter any of the plain HTML tags. Any tags not in this list are removed.

//region******** Usable XHTML elements for user admin prepared user instructions [Only these XHTML tags can be used] ********/

$inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'object', 'option', 'select', 'span', 'strong',);//Note img is both empty and inline
$blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre',);
$emptyHtmlTagsArray = array('br', 'hr', 'img',);
$listHtmlTagsArray = array('li', 'ol', 'ul');
$tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead', 'tr',);

I also do syntax and reverse DNS tests for all links and email addresses.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
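
Added example, not code from the thread: one way to do the per-field-class validation the question describes, by looking each field name up in an allowlist map instead of chaining `||` comparisons, and without creating variables from request keys. The `companyName` field, the `validateForm` helper and the sample input are assumptions made for illustration, and `filter_var` stands in for the hand-written email regex.

```php
<?php
// Field name => validation class. 'companyName' is a hypothetical text field.
const FIELD_CLASSES = [
    'customerServiceEmail' => 'email',
    'billingEmail'         => 'email',
    'website'              => 'url',
    'companyName'          => 'text',
];

// Returns [clean values, errors], both keyed by field name.
function validateForm(array $post, array $classes): array
{
    $clean = $errors = [];
    // Iterate the allowlist, not $_POST: unknown request keys are never read.
    foreach ($classes as $field => $class) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {        // field[]=x arrives as an array
            $errors[$field] = 'Invalid value';
            continue;
        }
        $value = trim($value);
        switch ($class) {
            case 'email':
                $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
                break;
            case 'url':                  // only http(s) links are accepted
                $ok = filter_var($value, FILTER_VALIDATE_URL) !== false
                    && preg_match('#^https?://#i', $value) === 1;
                break;
            default:                     // 'text': letters, digits, whitespace
                $ok = preg_match('/^[a-zA-Z0-9\s]*$/', $value) === 1;
        }
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = 'Invalid Characters';
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$sample = [
    'customerServiceEmail' => 'help@example.com',
    'billingEmail'         => 'not-an-address',
    'companyName'          => 'Acme <b>Ltd</b>',
    'isAdmin'              => '1',   // not in the allowlist, so ignored
];
[$clean, $errors] = validateForm($sample, FIELD_CLASSES);
print_r($errors);
```

The values in `$clean` are validated for shape only; database writes still need parameterized queries and HTML output still needs escaping.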

