mkosmosports Posted June 13, 2007

Hey, I'm in the midst of creating a secure signin script, which brings me to two questions I have.

1. I want to filter out blank spaces from the login and password fields. I'm very unfamiliar with regular expressions, so I went out and found the below script on the web:

    function no_specialchars($field1) {
        if (!eregi("[a-zA-Z0-9]+", $field1)) {
            $_SESSION['error'] = "The password or username fields should only contain alphanumerical characters or hyphens and underscores.";
            header('Location: reg_signin.html');
            exit();
        }
    }

This function seems to do the trick when I try to signin with most special characters (although not all of them?!) and only spaces, however it still lets me pass when I put spaces before, in between or after the text string. What I want is to filter out any spaces and any special characters except for hyphens and underscores. Any ideas? Thanks in advance.

2. My second question would bring me to the handling of an error caught by the filter. I'm using sessions where the session key 'error' is created once the filter finds a problem. This session data is then kept and displayed at the original signin form page. Is this the ideal way to do it, or should I maybe put URL variables in the redirect link, such as header('Location: reg_signin.html?error=1'); and then read the user the error according to the error GET value?

Thanks everyone...

gp177 Posted June 13, 2007

What about something like this? Just replace the characters below with the ones you don't want users to use.

    function isValidInput($content) {
        // Walk the string one character at a time and reject on the first banned one.
        for ($i = 0; $i < strlen($content); $i++) {
            switch (substr($content, $i, 1)) {
                case "<":
                case ">":
                case "\"":
                case "&":
                case " ":
                    return false;
            }
        }
        return true;
    }

mkosmosports Posted June 13, 2007

True...that would work. I was hoping to do it using regular expressions though as it would be much shorter....

smc Posted June 13, 2007

Well, if you just want to filter out white spaces you can do something like

    // str_replace() returns the new string, so assign the result back.
    $myPassword = str_replace(" ", "", $myPassword);
    $myLogin = str_replace(" ", "", $myLogin);

Consequently if you wanted to fail the login based on it you can do

    // strstr() returns false when no space is found.
    if (strstr($myLogin, " ") !== false) {
        myFunctionofFailure();
    }

And the same would be valid for the password field. Hope this helps

thefortrees Posted June 13, 2007

http://weblogtoolscollection.com/regex/regex.php

mkosmosports Posted June 13, 2007

Thanks for your suggestion smc, I'm still convinced on using regex here though. thefortrees, that's a very nice tutorial you gave the link to. I've been able to form the following condition, but it always returns true, no matter what I enter into the field!

    if (!preg_match("[a-zA-Z0-9_-]{4,20}", $field)) {
        $_SESSION['error'] = "$field value must be between 4 and 20 characters. Please start again.";
        header('Location: reg_signin.html');
        exit();
    }

Once again, I want the above to filter out any $field values that have characters other than alphanumerical ones, hyphens or underscores and are shorter than 4 or longer than 20. How come it's not working? Any suggestions for the new regex beginner? Thanks.

mkosmosports Posted June 13, 2007

Unless someone thinks this won't work under a certain scenario, I think I've figured it out (tested all scenarios I think). So, for any of you wanting to use regex (with the preg_match function) to validate sign-in fields from:

- being less than or more than a specific number of characters (below I'm using 4-20)
- containing any special characters (including blank spaces) except for hyphens or underscores
- if first validation level is ok, containing a list of banned words (against SQL injection, I should have put more banned words in there, but there must be a fine line of what the user CAN actually write)

    // First level: 4-20 characters, alphanumerics, hyphens and underscores only.
    if (preg_match("/^[a-zA-Z0-9-_]{4,20}$/", $field)) {
        // Second level: reject the banned words.
        if (preg_match("/\bdelete\b|\binsert\b|\bdrop\b|\bselect\b/i", $field)) {
            echo("NO!");
        } else {
            echo("YES!");
        }
    } else {
        echo("NO!");
    }

Of course the echo NO's or YES's would have to be replaced by the action you would want the script to take based on the result.

mkosmosports
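
Added example, not part of the thread or any poster's code: the same 4-20 character allowlist written with `\A` and `\z` anchors, run over constructed inputs that include the trailing-newline case a `$` anchor lets through. The function name `is_valid_login_field` and all sample values are assumptions made for illustration.

```php
<?php
// Added example. is_valid_login_field() and the sample inputs are constructed
// for illustration; they are not from the thread.

function is_valid_login_field($field): bool
{
    // Reject arrays (e.g. a request sent as login[]=x) and other non-strings.
    if (!is_string($field)) {
        return false;
    }
    // \A and \z anchor to the true start and end of the string. A bare "$"
    // also matches just before a final "\n", so "/^...$/" accepts "alice\n".
    // The hyphen sits last in the class, where it is always literal.
    return preg_match('/\A[a-zA-Z0-9_-]{4,20}\z/', $field) === 1;
}

// Constructed inputs => expected verdict.
$samples = [
    'alice_01'          => true,
    'mk-sports'         => true,
    'bob'               => false, // shorter than 4
    str_repeat('a', 21) => false, // longer than 20
    'has space'         => false,
    ' padded '          => false,
    "alice\n"           => false, // trailing newline
    "x' OR '1'='1"      => false, // quote and spaces are outside the allowlist
    'drop'              => true,  // only allowlisted characters, so nothing to ban
];

$failures = 0;
foreach ($samples as $input => $expected) {
    $got = is_valid_login_field($input);
    $failures += ($got === $expected) ? 0 : 1;
    printf("%-26s %s\n", json_encode($input), $got ? 'accept' : 'reject');
}

// The thread's "$"-anchored pattern, on the trailing-newline input.
$loose = preg_match('/^[a-zA-Z0-9-_]{4,20}$/', "alice\n") === 1;
printf("thread pattern accepts \"alice\\n\": %s\n", $loose ? 'yes' : 'no');

exit($failures === 0 ? 0 : 1);
```

The allowlist only constrains the field's format; protection against SQL injection comes from passing the value to the database through a parameterized query, which is why no banned-word list is needed here.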