Welcome to WebmasterWorld Guest from 54.166.74.48

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Sanitizing

If else statement

     
11:03 pm on Oct 4, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 1, 2005
posts:370
votes: 0


I'm trying to sterilize my PHP code and I'm exploring options. The trim and other functions are good and I plan to use those too, and another idea I've got is to use an if / else statement to exclude certain characters.

What I've got so far is below.

Help!

<html>
<head>
<title>Registration form</title>
</head>


<body>

<form action="test.php" method="post">

<input type="text" name="user_name">
<br>
<input type="text" name="psword">
<br>
<input type="submit" value="Submit">

</form>

<?php

if ($_POST["user_name"] || $_POST["psword"] contains \ or/ or*)

{
echo "Field contains at least one invalid character";
}

else
{
echo "All characters are valid";
}

?>

</body>
</head>
7:49 am on Oct 5, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
posts:1396
votes: 0


Hi there Adam5000,

This is where you need to have the preg_match("\\", $input) function in use so that you can 'filter' out any chars that you don't want. So:-

if ((preg_match("/^[\/*]+$/m", $_POST['user_name']) || (preg_match("/^[\/*]+$/m", $_POST['psword']))){
//pattern has matched
}
else{
//pattern not matched
}

Right, I'll call this pseudo code, as regex patterns are NOT my strong suite, you may need to play with it (I guess as Rocknbil would point out the error's in my patterns ;-)) Hopefully you get the idea of what I am trying to convey.

I would suggest as you decide what you would want to call *allowed* chars then tweak the pattern from that..

Hope that makes sense anyway.

Cheers,
MRb
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members