Jump to content

Recommended Posts

Hi all,

 

I am trying to validate a form, but run into some troubles...

 

Full Name

 

This works up until a space is present then fails, any suggestions?

			// # Fullname 
		if (isset($_POST["Fullname"])){
					
			$fnop = $_POST["Fullname"];
			
			if (ctype_alpha($fnop)) {
					echo "</BR>PASSED! : FULLNAME : $fnop";
				} else {
					echo "</BR>FAILED! : FULLNAME : $fnop";
				}

		};

Test case:

  • INPUT: 123456789 | OUTPUT: FAILED;
  • INPUT: ABCD1234 | OUTPUT: FAILED;
  • INPUT: AbCdEfGh | OUTPUT: PASSED;
  • INPUT: AbC<Space>DeF | OUTPUT: FAILED; 

 

Phone number

 

This works up until a 0 is in the number and then fails, any suggestions?

			// # Contact Num
		if (isset($_POST["Phone"])){
			
			$phoneop = $_POST["Phone"];
			
			if (filter_var($phoneop, FILTER_VALIDATE_INT)) {
					echo "</BR>PASSED! : PHONE : $phoneop";
				} else {
					echo "</BR>FAILED! : PHONE : $phoneop";
				}
		};

Test case:

  • INPUT: 123456789 | OUTPUT: PASSED;
  • INPUT: ABCD1234 | OUTPUT: FAILED;
  • INPUT: AbCdEfGh | OUTPUT: FAILED;
  • INPUT: 0432666777 | OUTPUT: FAILED; 

 

 

Kind regards and advance thanks.

 

Link to comment
https://forums.phpfreaks.com/topic/286273-form-validation-char-int-space-zero/
Share on other sites

Use those functions
 

<?php
function is_valid_name($name) {
    return preg_replace("/[^A-Za-z\s]/", "", $name) == $name;
}
function is_valid_phone_number($phone) { // you need only digits, right?
    return preg_replace("/[^0-9]/", "", $phone) == $phone;
}
Edited by phpzer

Why are you trying to limit the users ability to type their name.  Names can have lots of different symbols and spaces.  There is no need to filter a name other than maybe length so that it fits in your db.  Just sanitize the data before putting it in a query.  For the phone number, here is a better preg_match

preg_match('/^[2-9]{1}[0-9]{2}-[0-9]{3}-[0-9]{4}$/', $str)

 

Why are you trying to limit the users ability to type their name.  Names can have lots of different symbols and spaces.  There is no need to filter a name other than maybe length so that it fits in your db.  Just sanitize the data before putting it in a query.  For the phone number, here is a better preg_match

preg_match('/^[2-9]{1}[0-9]{2}-[0-9]{3}-[0-9]{4}$/', $str)

I don't think that this will work with international numbers or 1-800-666-5554 because you don't allow the 1- in front. Also, this does not allow spaces or parentheses or absence or dashes. I hate being forced to reinput a phone number because I didn't use the expected format. This article has a lively discussion of the issues and some code that might be worth a look at: http://www.reddit.com/r/PHP/comments/18j6k9/heres_a_function_to_reliably_validate_and_format/

 

Why are you trying to limit the users ability to type their name.  Names can have lots of different symbols and spaces.

 

It really depends @fastsol. I have a cottage rental's web site. In order to avoid any misunderstandings about first and last name, I have developed a set of rules to filter them before the data to be sent to the database. I don't want the owner to get an email from prospective clients with names contained numbers and letters.  

Thanks heaps for everyone's input.

 

@ phpzer | WORKS PERFECTLY! 

 

@ fastsol | Re why limit what users can put as full name: Clients don't want to receive gibberish, not met anyone with a number in their real name.

 

I converted it to IF STATEMENT:

 

FULL NAME:

		if (isset($_POST["Fullname"])){
					
			$fnop = $_POST["Fullname"];
			
			if (preg_replace("/[^A-Za-z\s]/", "", $fnop) == $fnop) {
					echo "</BR>PASSED! : FULLNAME : $fnop";
					$statusflag = $statusflag + 1;
				} else {
					echo "</BR>FAILED! : FULLNAME : $fnop";
				}

		};

PHONE: 

		if (isset($_POST["Phone"])){
			
			$phoneop = $_POST["Phone"];
			
			if (preg_replace("/[^0-9]/", "", $phoneop) == $phoneop) {
					echo "</BR>PASSED! : PHONE : $phoneop";
					$statusflag = $statusflag + 1;
				} else {
					echo "</BR>FAILED! : PHONE : $phoneop";
				}				

		};

Thanks heaps guys! Really appreciated!

 

 

Ok geeez I get it :)

Honestly I have built plenty of websites that have contact forms and have never received any string of text from the name field other than normal letters.  By using a captcha I find that when you do get a fake email you can tell it was someone that was just copy pasting in things and you can verify quickly to discard it. 

 

Just my 2 cents.

lol @ fastsol. Yes maybe over kill, but still saves me time if they cannot put garbage in straight up. Clients are paying for these contacts so the last thing I want is to send them rubbish and have to spend more time fixing it later down the track. Safe then sorry. Have a captcha as well, simple math problem, should keep most the bots away... maybe. Also hear that by restricting what they put into the fields limits SQL injection etc. I have also limited the permissions on the database as well for simple insert/update and put the important includes in a folder outside the web folder for good measure.

 

Thanks for your 2 cents, appreciated.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.