Jump to content

Form action validation


meltingpoint

Recommended Posts

Form has combo box that lets users pick - Delete or Edit with corresponding values of delete and edit sent via $_POST.

 

I want to validate that either one or the other has been picked.  Doing this will keep from someone trying to inject some other crud.  So I tried ;

 

<?php
if($action !== 'delete' || 'edit'){ echo "ERROR- you must choose an appropriate form Action.  Please try again.";}
?>

It does not seem to work.  Before I go on, is my syntax / coding correct?

 

If I do it like below- it works.

<?php
if($action !== 'delete' or $action !== 'edit'){ echo "ERROR- you must choose an appropriate form Action.  Please try again.";}
?>

Just trying to figure out the proper coding method.

 

Tks

Link to comment
Share on other sites

Hmm, the first one doesn't work and the second one does. I wonder which one is correct?

 

When using and AND or OR, the parts on each side of that clause are interpreted individually. So, in this case:

if($action !== 'delete' || 'edit')

 

It is saying if [$action !== 'delete' ] is true OR if ['edit'] is true. It doesn't know you wanted to compare 'edit' to $action. Each clause of the condition stands on it's own. In this case (with only two options), a more simple approach would be to simply check for one value and if not that value then choose the other. I would default to the edit.

$action = (isset($_POST['action']) && $_POST['action']=='delete') ? 'delete' : 'edit';

 

Or, to make your code easier to read you could use in_array() which is also useful wehn you have more than two values

if(!in_array($action, array('edit', 'delete')))
{
    echo "ERROR- you must choose an appropriate form Action.  Please try again."
}

Link to comment
Share on other sites

Hey- nice idea with the array.  So......should work...

<?php
$action = $_POST['action'];

if(!in_array($action, array('edit', 'delete')))
{
echo "ERROR- you must choose an appropriate form Action.  Please try again";
}
?>

 

I did not know that you could use in_array() in that way. 

Excellent!  I will try it and see if it works.

 

Thanks

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.