Ansego Posted February 17, 2014 Share Posted February 17, 2014 Hi all, I am trying to validate a form, but run into some troubles... Full Name This works up until a space is present then fails, any suggestions? // # Fullname if (isset($_POST["Fullname"])){ $fnop = $_POST["Fullname"]; if (ctype_alpha($fnop)) { echo "</BR>PASSED! : FULLNAME : $fnop"; } else { echo "</BR>FAILED! : FULLNAME : $fnop"; } }; Test case: INPUT: 123456789 | OUTPUT: FAILED; INPUT: ABCD1234 | OUTPUT: FAILED; INPUT: AbCdEfGh | OUTPUT: PASSED; INPUT: AbC<Space>DeF | OUTPUT: FAILED; Phone number This works up until a 0 is in the number and then fails, any suggestions? // # Contact Num if (isset($_POST["Phone"])){ $phoneop = $_POST["Phone"]; if (filter_var($phoneop, FILTER_VALIDATE_INT)) { echo "</BR>PASSED! : PHONE : $phoneop"; } else { echo "</BR>FAILED! : PHONE : $phoneop"; } }; Test case: INPUT: 123456789 | OUTPUT: PASSED; INPUT: ABCD1234 | OUTPUT: FAILED; INPUT: AbCdEfGh | OUTPUT: FAILED; INPUT: 0432666777 | OUTPUT: FAILED; Kind regards and advance thanks. Quote Link to comment Share on other sites More sharing options...
phpzer Posted February 17, 2014 Share Posted February 17, 2014 (edited) Use those functions <?php function is_valid_name($name) { return preg_replace("/[^A-Za-z\s]/", "", $name) == $name; } function is_valid_phone_number($phone) { // you need only digits, right? return preg_replace("/[^0-9]/", "", $phone) == $phone; } Edited February 17, 2014 by phpzer Quote Link to comment Share on other sites More sharing options...
fastsol Posted February 18, 2014 Share Posted February 18, 2014 Why are you trying to limit the users ability to type their name. Names can have lots of different symbols and spaces. There is no need to filter a name other than maybe length so that it fits in your db. Just sanitize the data before putting it in a query. For the phone number, here is a better preg_match preg_match('/^[2-9]{1}[0-9]{2}-[0-9]{3}-[0-9]{4}$/', $str) Quote Link to comment Share on other sites More sharing options...
davidannis Posted February 18, 2014 Share Posted February 18, 2014 Why are you trying to limit the users ability to type their name. Names can have lots of different symbols and spaces. There is no need to filter a name other than maybe length so that it fits in your db. Just sanitize the data before putting it in a query. For the phone number, here is a better preg_match preg_match('/^[2-9]{1}[0-9]{2}-[0-9]{3}-[0-9]{4}$/', $str) I don't think that this will work with international numbers or 1-800-666-5554 because you don't allow the 1- in front. Also, this does not allow spaces or parentheses or absence or dashes. I hate being forced to reinput a phone number because I didn't use the expected format. This article has a lively discussion of the issues and some code that might be worth a look at: http://www.reddit.com/r/PHP/comments/18j6k9/heres_a_function_to_reliably_validate_and_format/ Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted February 18, 2014 Share Posted February 18, 2014 Why are you trying to limit the users ability to type their name. Names can have lots of different symbols and spaces. It really depends @fastsol. I have a cottage rental's web site. In order to avoid any misunderstandings about first and last name, I have developed a set of rules to filter them before the data to be sent to the database. I don't want the owner to get an email from prospective clients with names contained numbers and letters. Quote Link to comment Share on other sites More sharing options...
Ansego Posted February 18, 2014 Author Share Posted February 18, 2014 Thanks heaps for everyone's input. @ phpzer | WORKS PERFECTLY! @ fastsol | Re why limit what users can put as full name: Clients don't want to receive gibberish, not met anyone with a number in their real name. I converted it to IF STATEMENT: FULL NAME: if (isset($_POST["Fullname"])){ $fnop = $_POST["Fullname"]; if (preg_replace("/[^A-Za-z\s]/", "", $fnop) == $fnop) { echo "</BR>PASSED! : FULLNAME : $fnop"; $statusflag = $statusflag + 1; } else { echo "</BR>FAILED! : FULLNAME : $fnop"; } }; PHONE: if (isset($_POST["Phone"])){ $phoneop = $_POST["Phone"]; if (preg_replace("/[^0-9]/", "", $phoneop) == $phoneop) { echo "</BR>PASSED! : PHONE : $phoneop"; $statusflag = $statusflag + 1; } else { echo "</BR>FAILED! : PHONE : $phoneop"; } }; Thanks heaps guys! Really appreciated! Quote Link to comment Share on other sites More sharing options...
fastsol Posted February 18, 2014 Share Posted February 18, 2014 Ok geeez I get it Honestly I have built plenty of websites that have contact forms and have never received any string of text from the name field other than normal letters. By using a captcha I find that when you do get a fake email you can tell it was someone that was just copy pasting in things and you can verify quickly to discard it. Just my 2 cents. Quote Link to comment Share on other sites More sharing options...
Ansego Posted February 19, 2014 Author Share Posted February 19, 2014 lol @ fastsol. Yes maybe over kill, but still saves me time if they cannot put garbage in straight up. Clients are paying for these contacts so the last thing I want is to send them rubbish and have to spend more time fixing it later down the track. Safe then sorry. Have a captcha as well, simple math problem, should keep most the bots away... maybe. Also hear that by restricting what they put into the fields limits SQL injection etc. I have also limited the permissions on the database as well for simple insert/update and put the important includes in a folder outside the web folder for good measure. Thanks for your 2 cents, appreciated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.