sudhakararaog Posted May 29, 2008 Share Posted May 29, 2008 i need to validate a field in a form where a user enters a reference number this can be letters, numbers and special characters also so i have not written any special preg match as the username is a combination. the only check i am doing is if there are any white spaces and if a user simple presses the space bar and does not enter value i display a message to enter the reference number and even if there are white spaces followed by the reference number i have used trim method. i have checked in the database even if there are white spaces followed by reference number due to trim() method the data in the table is being inserted whithout those white spaces. following is the code i am presently using $referencenumber = trim($_POST["referencenumber"]); if(strlen($referencenumber) == 0) { $error.="<li>Reference number cannot be blank </li> <br />"; } this code works perfectly fine and does what it is supposed to, however i am using techniques to avoid sql injection. following is the technique i have used if(get_magic_quotes_gpc()) { $username = stripslashes($_POST["username"]); } else { $username = $_POST["username"]; } due to this even if i use if(get_magic_quotes_gpc()) { $lodgementnumber = stripslashes($_POST["lodgementnumber"]); } else { $lodgementnumber = trim($_POST["lodgementnumber"]); } if(strlen($lodgementnumber) == 0) { $error.="reference number cannot be blank; } the validation is not doing what it does in the code i mentioned at the begining. i need to use techniques to avoid sql injection and i also need the validation to work. how can i fix this. please advice. thanks. Link to comment https://forums.phpfreaks.com/topic/107858-form-validation/ Share on other sites More sharing options...
nloding Posted May 29, 2008 Share Posted May 29, 2008 First, please put your code in between the [ code][/code ] brackets (it's the "#" button above the reply textarea). There is no difference between what you're doing, except, when you're calling the strip_slashes method, you aren't trimming it. Therefore, if magic_quotes is on, you may still have whitespace. Try simplifying your code a bit: <?php if(get_magic_quotes_gpc()) { $lodgementnumber = stripslashes($_POST["lodgementnumber"]); } else { $lodgementnumber = $_POST["lodgementnumber"]; } if(strlen(trim($lodgementnumber)) == 0) { $error.="reference number cannot be blank; } ?> Link to comment https://forums.phpfreaks.com/topic/107858-form-validation/#findComment-552898 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.