Everything posted by stormflurry

  1. QUOTE(gavinandresen @ Mar 29 2006, 07:24 PM)

     Do you care if hackers can influence your form validation? If you do (and you probably should), then you can't put any information about what should be validated or how it should be validated in your forms (because it's really easy to change hidden fields -- e.g. grab the Firefox Web Developer extension and it lets you see and edit the hidden fields before submission).

     You should probably turn it around, and define what fields need to get validated in your PHP code:

     [code]
     $needValidation = array('foo', 'bar', ... etc);
     foreach ($needValidation AS $field) {
       if (!isset($_POST[$field]) or empty($_POST[$field])) ... error....
     }
     [/code]

     I handle form validation something like this:

     [code]
     $validationData['siteName'] = array('isRequired', 'type' => 'text');
     $validationData['isLive'] = array('isRequired', 'type' => 'number');
     $validationData['rootDirectory'] = array('isRequired', 'type' => 'text');
     $validationData['defaultTemplate'] = array('isRequired', 'type' => 'text');
     $validationData['siteFooter'] = array('isRequired', 'type' => 'text');
     $validationData['provdist'] = array('isRequired');

     if (isset($post['submit'])) {
       $formErrors = validateForm($post, $validationData);
       if (!preg_match('/^\w*$/', $post['rootDirectory'])) {
         $formErrors['rootDirectory'] = "Invalid Location";
       }
       if (count($formErrors) == 0) {
         // Normally there would be code here to process the form
         // and redirect to a thank you page...
       }
     } else {
       $formErrors = array();
     }
     echo fillInFormValues($html, $post, $formErrors);
     [/code]

     (try out the form at http://www.skypaint.com/gavin/code/longExample.php )
     [/quote]

     This is a good suggestion and I do do script side validation for my purposes.

     The main purpose of this class validator I'm building is to allow my users to create forms and database tables on the fly. Basically I want them to have to build the form using the form builder and select which fields need which type of validation before it gets inserted into the database. I guess theoretically I could build custom script side validation for each form by creating another include... I don't know, it's an option, but it seems like there should be something cleaner. I'm aware of the hacker problem. I do it myself in certain situations. This validator would not be used in any place where data integrity is a 100% priority. That would all be built right in to the script.
  2. QUOTE(kenrbnsn @ Mar 29 2006, 11:43 AM)

     Why don't you create a hidden field for each of the fields that potentially won't be passed back with a default value. Name this field the same as the real field. This way your script will get a value no matter what the user does and you don't have to jump through hoops to do your validation.

     To the poster [b]craygo[/b] who keeps saying to use Java, I believe you are referring to Javascript, not Java. They are two different languages. Please spell out Javascript when you mean Javascript and don't abbreviate it to Java.

     Ken
     [/quote]

     Hey Ken, I've actually experimented with that and here's the example. Let's say this is part of my form:

     [code]
     <input type="checkbox" name="field1">
     <input type="hidden" name="field1" value="off">
     [/code]

     Let's say that I want the checkbox to be checked. In my POST array I now have field1=off&field1=on. While I'm looping through my validator for each variable I'll run into an issue: it'll perform two separate actions

     [code]
     foreach ($_POST as $key => $value) {
         if ($field1 == "off") {
             // Send Error
         } elseif ($field1 == "on") {
             // no error
         }
     }
     [/code]

     so my validator will kick an error no matter what I want to have happen... at least I haven't found a way around that little quandary at this point. I keep coming up with new solutions or ideas on how to do this and I get to a point where PHP just won't allow me to do what I need to do. It's frustrating. Javascript is nice but I need to have a bullet proof postback method that uses neither javascript nor ajax...
  3. QUOTE(craygo @ Mar 29 2006, 09:03 AM)

     What are you looking to do exactly? You can use java to make sure fields are filled in before the form is even submitted. Then there would not be a need to do a check with php after. If you want to do this I can give you what you need. I have a lot of samples to check on form fields.

     Ray
     [/quote]

     Ray, that would be appreciated. I haven't implemented any pre postback validation yet, but this side of the script is mainly to protect my DB from junk and make sure that the customer doesn't throw off any SQL errors...
  4. Hi All,

     I'm building a custom validator and here's the issue that I'm running into. PHP does not collect unset variable names for checkboxes or radio buttons into the $_POST array, so when I do this

     [code]
     foreach ($_POST as $key => $value) { etc }
     [/code]

     I cannot easily check to see if the variable is empty. So the line that I'm working along is creating a hidden variable in the form that does this

     [code]
     <input type="hidden" name="checkme" value="checkbox/radiobutton field_name that needs to be check">
     [/code]

     My validation code looks something like this

     [code]
     //each variable name gets exploded and validated based on the trailing characters
     if ($check[1] == 3) {
         //set the name of the field that I need to look for
         $temp = $value;
         //check to see if the variable is set and then if not push that back through the header
         if ($$temp != "on") {
             $count++;
             $error_string .= 'Error_'.$value.'=on&';
         }
     }
     [/code]

     Here's my issue: this works, but I need to change $$temp into something that looks like this, $_POST[$$temp], but this doesn't work. I need some help to be able to set $_POST['x'] x on the fly to whatever I want... I've tried a bunch of different things at this point and need some help.

     Thanks
     Matt
  5. Hi All,

     I'm trying to become a smarter programmer I guess by changing all of the files that I previously used as scripts to php classes. I'm having trouble moving arrays out of the class once I've selected the appropriate data. Here is the code below. This is my class. What the class is supposed to do for me is connect me up to the database, set the date range that I want to look at and then select the appropriate information from the table. It currently does all of these things.

     [code]
     class select {

         // Connect to MySQL and select the named database
         function DBSelect ($db_name) {
             define('MYSQL_DB_USER','root');
             define('MYSQL_DB_PASSWORD','----');
             define('MYSQL_DB_HOST','localhost');
             define('MYSQL_DB_NAME',$db_name);
             $dbc = mysql_connect (MYSQL_DB_HOST,MYSQL_DB_USER,MYSQL_DB_PASSWORD);
             mysql_select_db (MYSQL_DB_NAME);
         }

         // Build a Y-m-d date from the query string, or default to today
         function SetDate () {
             if ($_GET['FirstSelectDay'] && $_GET['FirstSelectMonth'] && $_GET['FirstSelectYear']) {
                 $this->newDate = $_GET['FirstSelectYear'];
                 $this->newDate .= "-";
                 $this->newDate .= $_GET['FirstSelectMonth'];
                 $this->newDate .= "-";
                 $this->newDate .= $_GET['FirstSelectDay'];
                 return $this->newDate;
             } else {
                 $this->newDate = date("Y-m-d");
                 return $this->newDate;
             }
         }

         // Include procedures/<name>.inc (which defines $query) and run it
         function GetResults ($procedure) {
             $this->DBSelect('tndcs');
             $this->setDate();
             $date = $this->newDate;
             $this->$procedure = 'procedures/';
             $this->$procedure .= $procedure;
             $this->$procedure .= '.inc';
             include_once($this->$procedure);
             $result = @mysql_query($query);
             if ($result) {
                 while($row = mysql_fetch_array($result,MYSQL_NUM)) {
                     // each pass replaces $this->values with the current row
                     $this->values = $row;
                 }
                 mysql_free_result($result);
                 return $this->values;
             } else {
                 $error = mysql_error();
                 $error .= "\n\nUser id: {$_SESSION['user_id']}";
                 $message = "<p>$error<br>There has been an application error the server administrator has been contacted.</p>";
                 echo $message;
                 mail ("stormflurry@gmail.com","Error in Action $action",$error,"From: {$_SESSION['user_email']}");
             }
         }
     }
     [/code]

     My issue is that I can only get a single row back to the main script, so if I have multiple rows of data I'm stuck. I've been pounding on this issue for many days and the only thing that I can come up with is placing the code that formats the selected data inside a subclass of select (). Basically make an extension that holds both the query that I want to run and the formatting that I need to apply to the results. If I run the query in the main script, getting multiple rows is no problem; I do my standard

     [code]
     while ($row = mysql_fetch_array($result,MYSQL_NUM)) {}
     [/code]

     I guess what I need to know how to do is this.

     [code]
     while ($values = $sql->getResults2('select_order_total')) {}
     [/code]

     But this doesn't work. Help please: do I write unique extender classes for each query, which I feel is a mess, or is there some better way?

     Thanks,
     Matt
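
An added example (not code from any poster above) of the approach gavinandresen describes in post 1, applied to the checkbox problem from posts 2 and 4: the rules live on the server keyed by field name, so an unchecked box is detected with `isset()` on a dynamic `$post[$field]` key and nothing in the submitted form decides what gets validated. The `$rules` layout, `validate_submission()` and the sample field names `newsOptIn` and `maxItems` are assumptions for illustration.

```php
<?php
// Added example. Rules are defined server-side (hypothetical layout); a
// form builder would load them from its own stored form definition,
// never from hidden fields in the submitted form.
$rules = array(
    'siteName'  => array('required' => true,  'type' => 'text'),
    'isLive'    => array('required' => true,  'type' => 'checkbox'),
    'newsOptIn' => array('required' => false, 'type' => 'checkbox'),
    'maxItems'  => array('required' => false, 'type' => 'number'),
);

function validate_submission(array $rules, array $post)
{
    $errors = array();
    $clean  = array();
    foreach ($rules as $field => $rule) {
        // Dynamic key lookup: $post[$field], not $$field.
        $present = isset($post[$field]) && is_string($post[$field]);
        $value   = $present ? trim($post[$field]) : '';

        if ($rule['type'] === 'checkbox') {
            // Browsers omit unchecked boxes, so "absent" means unchecked.
            $clean[$field] = $present && $value === 'on';
            if ($rule['required'] && !$clean[$field]) {
                $errors[$field] = 'must be checked';
            }
            continue;
        }
        if ($value === '') {
            if ($rule['required']) {
                $errors[$field] = 'is required';
            }
            continue;
        }
        if ($rule['type'] === 'number' && !ctype_digit($value)) {
            $errors[$field] = 'must be a whole number';
            continue;
        }
        $clean[$field] = $value;
    }
    // Anything in $post that has no rule is ignored, not trusted.
    return array($errors, $clean);
}

// Constructed sample submission: isLive unchecked (absent), plus an
// injected hidden field that tries to name what should be checked.
$post = array('siteName' => 'Demo', 'maxItems' => '12x', 'checkme' => 'siteName');
list($errors, $clean) = validate_submission($rules, $post);
print_r($errors);
```

Because the loop iterates over `$rules` rather than `$_POST`, the tampered `checkme` field has no effect and the missing `isLive` checkbox is still reported.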