Form Validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oo7ml
Forum Newbie
Posts: 15
Joined: Sun Jun 17, 2007 4:30 pm

Form Validation

Post by oo7ml »

I have some form validation done, but it's not very good. How do i make sure that users can only use a-z, A-Z, 0-9. Would this help make sure my site is more secure. (there for users would not be able to use special characters)

Here is the code i have so far:

Code: Select all

// check that username is 5 characters or more
$username	= $_POST['username'];
if (strlen($username) > 4){

}
else {
  die

//email validation - i got this from a script

$email = $_POST['email'];

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {

}
else {
  die
how can i make sure that the $username only can have a-z, A-Z, 0-9
User avatar
ghadacr
Forum Contributor
Posts: 135
Joined: Fri May 11, 2007 10:44 am

Re: Form Validation

Post by ghadacr »

to make sure that username is only a number try this...

Code: Select all

$status = "OK"; // setting the flag for form validation
$msg=""; // error message string is blank

function check_field2($username)
{
  if(!preg_match("/[^0-9\ ]+$/",$username))
    return TRUE;
  else
    return FALSE;

 if(!check_field2($username))
{
  
$msg .="<center>Please enter a number for username</center><BR>";
$status="NOT OK";
}

}
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

You could use regexp to do what you asked for, but I can't see why you would want to do that.

I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at

Code: Select all

mysql_real_escape_string()
In regards to the last post. If you want to make sure that data only contains numbers you can use

Code: Select all

is_numeric()
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

You could use regexp to do what you asked for, but I can't see why you would want to do that.

I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at

Code: Select all

mysql_real_escape_string()
In regards to the last post. If you want to make sure that data only contains numbers you can use

Code: Select all

is_numeric()
User avatar
ghadacr
Forum Contributor
Posts: 135
Joined: Fri May 11, 2007 10:44 am

Post by ghadacr »

jayshields wrote:You could use regexp to do what you asked for, but I can't see why you would want to do that.

I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at

Code: Select all

mysql_real_escape_string()
In regards to the last post. If you want to make sure that data only contains numbers you can use

Code: Select all

is_numeric()
You could do it that either way it prevents from SQL insertion, which is defintley an important thing to prevent!!!!! Which was one of the things the other posts requested..
Would this help make sure my site is more secure.
oo7ml
Forum Newbie
Posts: 15
Joined: Sun Jun 17, 2007 4:30 pm

Post by oo7ml »

thanks for your help guys, i appreciate it
Post Reply