
validating the input


Love2c0de


Hello, I have a site which allows users to upload files and download files. I am trying to validate the user input in the text form fields to make sure no special characters are found.

 

Here is my code:

<?php
     $form = "<form action='index.php' method='POST' enctype='multipart/form-data'>
             <table>
			     <tr>
				     <td>Demo Title:</td>
					 <td><input type='text' name='title' /></td>
				 </tr>
				 <tr>
				     <td>Description:</td>
					 <td><textarea name='description' cols='35' rows='5'></textarea></td>
				 </tr>
			     <tr>
				     <td></td>
				     <td><input type='file' name='myfile' /></td>
				 </tr>
				 <tr>
				     <td></td>
				     <td><input type='submit' name='submitbutton' value='Submit' /></td>
				 </tr>

			 </table>
          </form>";
		  
		 function check_input($data) {
             $illegalChars = "!@#$%^&*()+=-[]\\\';,./{}|\":<>?";

                 // Intended check for illegal characters; nothing is removed here yet.
                 for ($loop = 0; $loop <= strlen($data) - 1; $loop++) {
                     if (strpos($illegalChars, $data[$loop]) !== false) { // if an illegal character was found...
                     }
                 }
         
                 $data = trim($data);
                 $data = stripslashes($data);
                 $data = htmlspecialchars($data, ENT_QUOTES);
             $data = mysql_real_escape_string($data);
                 return $data;
             }  
		  
		 if(isset($_POST['submitbutton'])){
		     
		     $title = check_input($_POST['title']);
			 $description = check_input($_POST['description']);

			 $name = $_FILES['myfile']['name'];
			 $type = $_FILES['myfile']['type'];
			 $size = $_FILES['myfile']['size'];
			 $tmpname = $_FILES['myfile']['tmp_name'];
			 $date = date("d/m/Y");
			 $ext = substr($name, strrpos($name, '.'));

			 if($type != "application/octet-stream"){
			     echo "$form.You cannot upload that file type. .dem files only!";
			 }
			 else{
			     if($name) {

			         if($title && $description){
				    
			         require("connect.php");

					 $query = mysql_query("INSERT INTO demos VALUES ('', '$name','$title', '$description', '$date')");

                         move_uploaded_file($tmpname, "files/"."$name");
				     echo "$form.Your file has been successfully uploaded.";
				 }
				 else{
				     echo "$form.You did not fill in the form completely.";
				 }
			 }
			 else {
			     echo "$form.You did not select a file.";
			 }
			 }
} 
 else{
	 echo "$form";
 }

At the moment, the code is converting the special characters into their relative character code but I want the function to delete any special character from the string. If that's not a good way to do it, I'd like to leave the function as it is, but when displaying the table data back to the page, I'd like it to print only the actual alphanumeric characters and not the converted special characters. For instance, if I enter abc123xyz~%$ then when reading the table data to the page, I want it to just read abc123xyz. I hope I have explained well enough.

 

What is the best way to achieve this?

 

Thank you in advance for any information you can put my way.

 

Regards,

BuNgLe
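
An added example, not part of the original post: one way to get the behaviour asked about, using an allowlist filter that reduces abc123xyz~%$ to abc123xyz, a prepared statement for the insert, escaping only when the row is printed, and a server-generated .dem file name. The column names, the in-memory SQLite database used through PDO, the helper names and the sample input are assumptions made so the script runs offline.

```php
<?php
// Added example: column names and the in-memory SQLite database are assumptions
// so the script runs offline; the original post uses MySQL via connect.php.

// Allowlist filter: keep letters, digits and spaces, drop everything else.
function keep_alnum(string $data): string {
    return trim(preg_replace('/[^A-Za-z0-9 ]/', '', $data));
}

// Build a server-side file name; accept only a .dem extension (case-insensitive).
// Returns null when the client-supplied name is not acceptable.
function safe_demo_name(string $clientName): ?string {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext !== 'dem') {
        return null;
    }
    $base = keep_alnum(pathinfo($clientName, PATHINFO_FILENAME));
    $base = str_replace(' ', '_', $base);
    return ($base === '' ? 'demo' : $base) . '_' . bin2hex(random_bytes(4)) . '.dem';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demos (id INTEGER PRIMARY KEY, name TEXT, title TEXT, description TEXT, date TEXT)');

// Constructed sample input standing in for $_POST and $_FILES.
$post = ['title' => 'abc123xyz~%$', 'description' => "My <b>first</b> demo'; --"];
$clientName = '../my demo.DEM';

$name = safe_demo_name($clientName);
if ($name === null) {
    exit("Only .dem files are accepted.\n");
}

// Placeholders keep the values out of the SQL text, so no escaping function is needed.
$stmt = $pdo->prepare('INSERT INTO demos (name, title, description, date) VALUES (?, ?, ?, ?)');
$stmt->execute([$name, keep_alnum($post['title']), trim($post['description']), date('Y-m-d')]);

// Escape at output time; the stored description stays unmodified.
foreach ($pdo->query('SELECT name, title, description FROM demos') as $row) {
    printf("%s | %s | %s\n",
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'));
}
```

In a real upload handler the generated name would be the target passed to move_uploaded_file, and the stored title would need no further cleaning when read back.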

 

 

https://forums.phpfreaks.com/topic/264371-validating-the-input/