Welcome to WebmasterWorld Guest from 50.19.156.133

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Sanitizing

If else statement

     

Adam5000

11:03 pm on Oct 4, 2010 (gmt 0)

10+ Year Member



I'm trying to sterilize my PHP code and I'm exploring options. The trim and other functions are good and I plan to use those too, and another idea I've got is to use an if / else statement to exclude certain characters.

What I've got so far is below.

Help!

<html>
<head>
<title>Registration form</title>
</head>


<body>

<form action="test.php" method="post">

<input type="text" name="user_name">
<br>
<input type="text" name="psword">
<br>
<input type="submit" value="Submit">

</form>

<?php

if ($_POST["user_name"] || $_POST["psword"] contains \ or/ or*)

{
echo "Field contains at least one invalid character";
}

else
{
echo "All characters are valid";
}

?>

</body>
</head>

Matthew1980

7:49 am on Oct 5, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Hi there Adam5000,

This is where you need to have the preg_match("\\", $input) function in use so that you can 'filter' out any chars that you don't want. So:-

if ((preg_match("/^[\/*]+$/m", $_POST['user_name']) || (preg_match("/^[\/*]+$/m", $_POST['psword']))){
//pattern has matched
}
else{
//pattern not matched
}

Right, I'll call this pseudo code, as regex patterns are NOT my strong suite, you may need to play with it (I guess as Rocknbil would point out the error's in my patterns ;-)) Hopefully you get the idea of what I am trying to convey.

I would suggest as you decide what you would want to call *allowed* chars then tweak the pattern from that..

Hope that makes sense anyway.

Cheers,
MRb
 

Featured Threads

Hot Threads This Week

Hot Threads This Month