Buyocat
Posted March 31, 2007

I've got a question which is more aimed at drumming up some opinions/starting a discussion than looking for a "right answer". I am writing an application and I wanted to hear some suggestions on how to handle the filtering of data from the user. The data is all coming in through one class where it is then passed as arguments to methods down the hierarchy, so it seems to make sense to do the checking at that top point. However, what isn't as clear is whether the regular expressions (or some alternative) used should be exclusively set by the top level class.

For instance I see that Cake (a framework) has a protected _validation array which Models can set with their own regex. I am not a huge fan of this approach because it leaves the array protected, and because it may be a responsibility that goes past the role of the class. In fact I'd prefer a method which didn't rely so heavily on regex in the first place as I find regex hard to maintain.

So what solutions have you come up with to handle input? I'm looking for suggestions which are flexible enough to accommodate unforeseen changes in security, but simple enough to be implemented in a single class (or a single method). To kick this off here's my current solution (somewhat described above):

```php
// The validation hash must be an array of field name => regex pattern.
if (!is_array($this->_validation))
    throw new Exception("Unable to validate data bad validation hash found");
$result = array();
foreach ($arguments as $key => $value) {
    // isset() avoids an undefined-index notice when a key has no pattern.
    $pattern = isset($this->_validation[$key]) ? $this->_validation[$key] : null;
    if ($pattern == null)
        throw new Exception("The submitted data has no corresponding pattern and can not be evaluated");
    // preg_match() returns 0 on no match and false on error; both are rejected.
    if (!preg_match($pattern, $value))
        throw new Exception("The submitted data was invalid");
    $result[$key] = $value;
}
return $result;
```

Thanks for any help with the brainstorming!

neel_basu
Posted March 31, 2007

Sorry, I didn't understand what your actual problem is. Please specify what the error is with which you are fighting, and write short. I just understood it's something like form validation. With respect to that, if you use zigmoyd validator this would be the syntax:

HTML
----

```html
<input type="text" name="frm_name" />
<input type="text" name="@name_email" /><!-- @ for email -->
<input type="password" name="#psw" /><!-- # hashed SHA1 Psw -->
<input type="password" name="^#psw"><!-- Psw Confirmation -->
<input type="text" name="!optional"><!-- ! Optional Field -->
<input type="text" name="sign(4-"><!-- 4 to 8 Char Long-->
<input type="text" name="web_site{.}+"><!-- Must Contain <dot> -->
```

And many more.

PHP
----

```php
<?php
// If new validate() is used, it will detect the form method automatically.
$validate = new validate("get");
echo "<pre>";
print_r($validate->report()); // Holds the reports
echo "</pre>";
?>
```

And I think you have to type less PHP code here.

ERROR
------

It would fire these types of errors (invalid, blank, or different)

more info

Buyocat
Posted March 31, 2007

I don't have a specific problem per se. I am just trying to learn some new methods to solve the problem of validation. Thanks for the link, I will check it out. Any other suggestions and explanations would be appreciated.

Trium918
Posted March 31, 2007

From my understanding, you're trying to create a data filter of some sort. I'm suggesting that you are talking about a language filter, so are you?

neel_basu
Posted March 31, 2007

By the way, use this DTD while using that type of form:

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
```

Buyocat
Posted March 31, 2007

I'm simply talking about security and making sure that incoming data is clean. I am not really interested in writing a new or large system to address this issue, but I wanted to hear what other people were doing so I could pick from the best of other solutions. The solution I am most familiar with is the one Cake uses or some variation on it. You have an associative array of regex and you submit values in the $_POST (or some such array) with keys that correspond to regex to some evaluation.

neel_basu
Posted March 31, 2007

The method you are talking about (something like custom validation) needs all those regexes to be created by yourself. But if your regex skill is good enough, it's OK.
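
Added example, not part of any post above and not code from Cake or the zigmoyd validator: one way to keep the single entry-point check discussed in this thread while relying less on hand-written regex, by mapping each field to a callable rule (PHP's built-in `filter_var` where one exists, an anchored regex otherwise). The class `InputFilter`, its methods and the field names are hypothetical, and PHP 7.4 or later is assumed.

```php
<?php
// Added example; InputFilter and its rule names are hypothetical (PHP 7.4+).
final class InputFilter
{
    /** @var array<string, callable> field name => rule returning bool */
    private array $rules;

    public function __construct(array $rules)
    {
        $this->rules = $rules;
    }

    // Wrap a regex as a rule. Patterns should use \A...\z: "$" also matches
    // just before a trailing newline, so /^[a-z]+$/ accepts "alice\n".
    public static function regex(string $pattern): callable
    {
        return fn(string $v): bool => preg_match($pattern, $v) === 1;
    }

    public function filter(array $input): array
    {
        // Allow-list the field names too: anything without a rule is rejected.
        if (array_diff_key($input, $this->rules)) {
            throw new InvalidArgumentException('Unexpected field in input');
        }
        $clean = [];
        foreach ($this->rules as $field => $rule) {
            // Missing fields and array-valued fields (user[]=x) fail before any rule runs.
            if (!isset($input[$field]) || !is_string($input[$field])) {
                throw new InvalidArgumentException("Missing or non-string field: $field");
            }
            if (!$rule($input[$field])) {
                throw new InvalidArgumentException("Invalid value for field: $field");
            }
            $clean[$field] = $input[$field];
        }
        return $clean;
    }
}

$filter = new InputFilter([
    'email' => fn(string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
    'age'   => fn(string $v): bool => filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]) !== false,
    'user'  => InputFilter::regex('/\A[a-z0-9_]{3,16}\z/'),
]);

// Constructed sample input standing in for $_POST.
print_r($filter->filter(['email' => 'a@example.com', 'age' => '42', 'user' => 'alice_01']));
```

Because rules are plain callables, a model can contribute its own rule without exposing a shared pattern array, and the entry-point class stays the only place that decides whether a value passes.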
Archived
This topic is now archived and is closed to further replies.