
[SOLVED] form validation....


mkosmosports


Hey,

 

I'm in the midst of creating a secure sign-in script, which brings me to two questions I have.

 

1. I want to filter out blank spaces from the login and password fields. I'm very unfamiliar with regular expressions, so I went out and found the script below on the web:

 

function no_specialchars($field1)
{
    // Unanchored pattern: it succeeds as soon as the field contains at least one
    // run of letters/digits ANYWHERE, so " abc ", "ab cd" and "ab!cd" all pass.
    // (eregi() was removed in PHP 7; preg_match() with the /i modifier is the
    // equivalent and behaves the same way here.)
    if (!preg_match('/[a-zA-Z0-9]+/i', $field1)) {
        $_SESSION['error'] = "The password or username fields should only contain alphanumerical characters or hyphens and underscores.";
        header('Location: reg_signin.html');
        exit();
    }
}

 

This function seems to do the trick when I try to sign in with most special characters (although not all of them?!) or with only spaces; however, it still lets me through when I put spaces before, in between or after the text string. What I want is to filter out any spaces and any special characters except for hyphens and underscores. Any ideas? Thanks in advance.

 

2. My second question concerns the handling of an error caught by the filter. I'm using sessions: the session key 'error' is set once the filter finds a problem. This session data is then kept and displayed on the original sign-in form page. Is this the ideal way to do it, or should I maybe add URL variables to the redirect link, such as header('Location: reg_signin.html?error=1');, and then show the user the error according to the error GET value?

 

Thanks everyone...

 

 

 


What about something like this? Just replace the characters below with the ones you don't want users to use.

 

function isValidInput($content)
{
    // Characters that are not allowed anywhere in the field; extend as needed.
    $disallowed = array('<', '>', '"', '&', ' ');

    for ($i = 0; $i < strlen($content); $i++) {
        if (in_array($content[$i], $disallowed, true)) {
            return false;
        }
    }

    return true;
}


Well, if you just want to filter out white space, you can do something like

 

// str_replace() returns the new string; it does not modify its argument,
// so the result has to be assigned back.
$myPassword = str_replace(" ", "", $myPassword);
$myLogin    = str_replace(" ", "", $myLogin);

 

Alternatively, if you wanted to fail the login based on it, you can do

 

// strpos() with a strict comparison: a space at offset 0 would otherwise be
// mistaken for "not found".
if (strpos($myLogin, " ") !== false) {
    myFunctionofFailure();
}

 

And the same would be valid for the password field. Hope this helps.


Thanks for your suggestion, smc; I'm still convinced about using regex here, though. thefortress, that's a very nice tutorial you linked to. I've been able to form the following condition, but it always returns true, no matter what I enter into the field!

 

// Note: there are no delimiters around the pattern. PHP takes the leading '['
// as the delimiter and ']' as its close, then reads '{4,20}' as modifiers,
// so preg_match() returns false (with a warning) and !false is always true.
if (!preg_match("[a-zA-Z0-9_-]{4,20}", $field)) {
    $_SESSION['error'] = "$field value must be between 4 and 20 characters. Please start again.";
    header('Location: reg_signin.html');
    exit();
}

 

Once again, I want the above to filter out any $field values that have characters other than alphanumerical ones, hyphens or underscores, or that are shorter than 4 or longer than 20 characters. How come it's not working? Any suggestions for a regex beginner?

 

Thanks.

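An added example, not code from the thread, that runs the unanchored pattern from the first post and the delimiter-less pattern from the post above side by side with an anchored replacement, against constructed inputs. It shows why spaces and "!" slip past the first pattern, why the second one never compiles (preg_match() returns false, so the negated check is always true) and what the anchored form accepts. The file name and the inputs are assumptions.

```php
<?php
// Added example, not code from the thread. Run with: php pattern_demo.php

$patterns = array(
    // Unanchored: true as soon as ANY run of letters/digits appears, so
    // ' abcd', 'ab cd' and 'ab!cd' all pass. (eregi() was removed in PHP 7;
    // the /i modifier gives the same case-insensitive behaviour.)
    'unanchored'    => '/[a-zA-Z0-9]+/i',

    // No delimiters: PHP takes the leading '[' as the delimiter, ']' as its
    // close, and reads '{4,20}' as modifier letters. The pattern fails to
    // compile, preg_match() returns false (and emits a warning), and
    // !false is always true, which is why that check never let anything in.
    'no delimiters' => '[a-zA-Z0-9_-]{4,20}',

    // Fixed: delimiters, ^ and \z so the WHOLE string must match, 4 to 20
    // characters, hyphen last in the class so it is literal. \z rather than $
    // because $ also matches just before a trailing newline.
    'anchored'      => '/^[A-Za-z0-9_-]{4,20}\z/',
);

// Constructed inputs (not from the thread). With 'anchored' only 'abcd' and
// 'ab-cd_12' match; everything else is rejected.
$inputs = array('abcd', 'ab-cd_12', ' abcd', 'ab cd', 'abcd ', 'ab!cd', 'abc',
                str_repeat('a', 21), "abcd\n");

// Returns 'match', 'no match' or 'error' for one pattern and one input.
function describeMatch($pattern, $input)
{
    // The @ only hides the compile warning from the delimiter-less pattern so
    // the table stays readable; do not suppress errors like this in real code.
    $r = @preg_match($pattern, $input);
    if ($r === false) {
        return 'error';
    }
    return $r === 1 ? 'match' : 'no match';
}

printf("%-28s", 'input');
foreach (array_keys($patterns) as $name) {
    printf(" | %-13s", $name);
}
echo PHP_EOL;

foreach ($inputs as $in) {
    printf("%-28s", json_encode($in));
    foreach ($patterns as $pattern) {
        printf(" | %-13s", describeMatch($pattern, $in));
    }
    echo PHP_EOL;
}
```

The table makes the three failure modes visible at once: the unanchored column says "match" for every input that contains a single letter, the delimiter-less column says "error" for every input, and the anchored column is the only one that tracks the 4-20 alphanumeric/hyphen/underscore rule, including the trailing-newline case that a plain `$` anchor would let through.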

Unless someone thinks this won't work under a certain scenario, I think I've figured it out (I've tested all scenarios, I think).

 

So, for any of you wanting to use regex (with the preg_match function) to validate sign-in fields against:

- being shorter or longer than a specific number of characters (below I'm using 4-20)

- containing any special characters (including blank spaces) except for hyphens or underscores

- if the first validation level is OK, containing a list of banned words (against SQL injection; I should have put more banned words in there, but there must be a fine line regarding what the user CAN actually write)

 

// First level: 4-20 characters, letters/digits/hyphen/underscore only.
// The hyphen is placed last in the class so it is read literally, and \z anchors
// at the very end of the string ($ alone would also accept a trailing newline).
if (preg_match('/^[A-Za-z0-9_-]{4,20}\z/', $field)) {
    // Second level: whole-word match against the banned-word list.
    if (preg_match('/\b(delete|insert|drop|select)\b/i', $field)) {
        echo("NO!");
    } else {
        echo("YES!");
    }
} else {
    echo("NO!");
}

 

Of course, the echo "NO!"s and "YES!"s would have to be replaced by the action you want the script to take based on the result.

 

mkosmosports

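An added example, not the OP's code, that turns the final check above into a full sign-in handler. It keeps the session-based error handling the OP asked about in the second question (the message stays server-side, cannot be placed into a link by a third party, and is shown once and then cleared), and replaces the banned-word list with a prepared statement, which is what actually prevents SQL injection: a username such as drop_users is then just data. The password is only length-checked, because it is hashed with password_hash() and never reaches SQL or HTML, so restricting its characters would only weaken it. The users table, the password_hash column, reg_signin.php and account.php are assumptions; the in-memory SQLite database and the login attempts are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table, column and page names are
// assumptions. Runs offline with an in-memory SQLite DB: php signin_demo.php

// Allowlist for the username: 4-20 letters, digits, hyphens or underscores.
// The pattern itself rejects spaces and every other character.
function validateUsername($value)
{
    if (!preg_match('/^[A-Za-z0-9_-]{4,20}\z/', $value)) {
        return 'Username must be 4 to 20 characters: letters, digits, hyphens or underscores only.';
    }
    return null;
}

// The password is hashed and never placed in SQL or HTML, so restricting its
// characters only weakens it; check length and nothing else.
function validatePassword($value)
{
    if (strlen($value) < 8 || strlen($value) > 128) {
        return 'Password must be 8 to 128 characters.';
    }
    return null;
}

// Returns null on success, otherwise the message to show the user. DROP,
// SELECT etc. in a username are harmless: it is bound as a parameter and
// never spliced into the query text, so no keyword blacklist is needed.
function attemptSignin(PDO $pdo, $username, $password)
{
    if (($err = validateUsername($username)) !== null) {
        return $err;
    }
    if (($err = validatePassword($password)) !== null) {
        return $err;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same message for an unknown user and a wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return 'Invalid username or password.';
    }
    return null;
}

// The redirect pattern from the thread: the message lives in the session, not
// the URL, so it cannot be forged via a link, and the form page shows it once.
function failSignin($message)
{
    $_SESSION['error'] = $message;
    header('Location: reg_signin.php');
    exit();
}

// For the form page, which must be PHP-processed (not a static .html file) to
// read the session. Escaped on output so the message can never inject markup.
function showAndClearError()
{
    if (!empty($_SESSION['error'])) {
        echo '<p class="error">' . htmlspecialchars($_SESSION['error'], ENT_QUOTES, 'UTF-8') . '</p>';
        unset($_SESSION['error']);
    }
}

// Constructed demo database with a single user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute(array(':u' => 'alice_01', ':h' => password_hash('correct horse battery', PASSWORD_DEFAULT)));

if (PHP_SAPI === 'cli') {
    // Constructed attempts: good login, wrong password, leading space,
    // injection-shaped name, and a valid name that is also a "banned word".
    $attempts = array(
        array('alice_01', 'correct horse battery'),
        array('alice_01', 'wrong password'),
        array(' alice_01', 'correct horse battery'),
        array("a' OR '1'='1", 'anything'),
        array('drop_users', 'anything'),
    );
    foreach ($attempts as $try) {
        $err = attemptSignin($pdo, $try[0], $try[1]);
        printf("%-18s -> %s\n", json_encode($try[0]), $err === null ? 'signed in' : $err);
    }
} else {
    session_start();
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (($err = attemptSignin($pdo, $username, $password)) !== null) {
        failSignin($err);
    }
    session_regenerate_id(true);   // fresh session id after login
    $_SESSION['user'] = $username;
    header('Location: account.php');
    exit();
}
```

Run from the command line it prints one line per attempt: only the first signs in, the leading space and the quote are rejected by the pattern before any query runs, the wrong password and drop_users both get the same generic "Invalid username or password." message, and at no point does a keyword list decide anything. On the form page, calling showAndClearError() after session_start() displays the stored message once and removes it, which is the behaviour the session approach buys over a ?error=1 query parameter.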
