Forum Moderators: coopster
let's say I have a mutli-page form. I use functions to validate each form field individually.
So I have:
foreach ($_REQUEST as $Key => $Value){
($Key === "surname")? $surname = check_surname($_REQUEST['surname']) : '';
($Key === "name")? $name = check_name($_REQUEST['name']) : '';
...
}
?>
in the functions I assign the value of the request to a session if it validates (to carry it across the form pages) and unset the session if it doesn't validate (in case it's ok before and then changed).
If all the form field have a corresponding session my form was correctly field so I move on tho the next step.
What strikes me is that you seem to have a bunch of functions that will be used only once, such as check_name. That creates unnecessary extra server load. Why not do the validation and the assignment to session variables in the foreach-loop?
I use to have one very big function with all the checks in but I split it up on the advice of someone knowing PHP better than me. That way I can use them for other forms on ths site as well even if they don't include all the fields.
If compromised a file ending in ‘.inc’ will show all – a file ending in ‘.inc.php’ will not.
I keep my entire "system" in a .htaccess protected folder so it can't be comprised as easily. It's included from there into other PHP files.
I keep my entire "system" in a .htaccess protected folder
A better way is to keep your includes completely outside of the document tree. That way a mistake in your .htaccess won't expose the files.
