Malicious Input
Posted: Fri Sep 16, 2005 4:33 pm
by Todd_Z
I am making a form with about 40 text fields. The question that I have is how to validate those fields so as to eliminate the possibility of malicious content. Anyone have any good functions or tips?
Posted: Fri Sep 16, 2005 4:38 pm
by John Cartwright
What I've done with forms is create an extension class to viewtopic.php?t=34883 which interacts with my form processing class.
Posted: Fri Sep 16, 2005 4:51 pm
by neophyte
There was a good article in last month's phparch that talked about whitelisting your fields. That's what I'd do. Make an array with your field names as keys and the type of validation / name of function as values. Loop through your post with your fields array, validate each field, and make an error array, etc.
Check out the ctype series of functions.
http://us2.php.net/manual/en/ref.ctype.php
Posted: Sat Sep 17, 2005 7:10 am
by raghavan20
I don't think it's so difficult.
You have to loop over your $_POST array (I am sure you don't use GET for that).
If all the text fields are going to be the same data type, it's as simple as running a custom-made validation function on each value and outputting an error if validation fails.
Else, if they are of different data types,
you can have an array where
fieldname, fieldtype
then you have validation rules for each data type.
So you get the $_POST array,
match the field name first by looping, and if matched get the field type,
run a sub if block and check for the appropriate data type validation rule.
That's all I could think of.
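
The whitelist approach described in the posts above (a field name => rule array, ctype checks, an error array), as an added example that is not part of the original thread. The field names, rules, length limit and sample input are hypothetical; the arrow function needs PHP 7.4 or later.

```php
<?php
// Whitelist: expected field name => rule name (hypothetical fields).
$rules = [
    'first_name' => 'alpha',
    'age'        => 'digit',
    'username'   => 'alnum',
    'email'      => 'email',
];
// Rule name => callable returning true when the value is acceptable.
$validators = [
    'alpha' => 'ctype_alpha',
    'digit' => 'ctype_digit',
    'alnum' => 'ctype_alnum',
    'email' => fn(string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
];

function validate_form(array $post, array $rules, array $validators, int $maxLen = 100): array
{
    $clean = [];
    $errors = [];
    // Loop over the whitelist, not over $post: fields that are not
    // listed in $rules are never copied into $clean.
    foreach ($rules as $field => $rule) {
        $value = $post[$field] ?? null;
        // A request with field[]=x arrives as an array; ctype_* expects a string.
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a string';
        } elseif (($value = trim($value)) === '' || strlen($value) > $maxLen) {
            $errors[$field] = 'empty or too long';
        } elseif (!$validators[$rule]($value)) {
            $errors[$field] = "failed $rule check";
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$sample = [
    'first_name' => 'Todd',
    'age'        => '27<b>',            // fails ctype_digit
    'username'   => ['a', 'b'],         // array instead of string
    'email'      => 'todd@example.com',
    'is_admin'   => '1',                // not in the whitelist, ignored
];
[$clean, $errors] = validate_form($sample, $rules, $validators);
print_r(['clean' => $clean, 'errors' => $errors]);
```

Only `first_name` and `email` end up in `$clean`; `age` and `username` land in `$errors`, and `is_admin` is dropped because it is not in the whitelist. Validated values still need escaping for the context they are written into (HTML output, SQL queries).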