Page 1 of 1
Form Validation
Posted: Mon Jun 18, 2007 11:31 am
by oo7ml
I have some form validation done, but it's not very good. How do i make sure that users can only use a-z, A-Z, 0-9. Would this help make sure my site is more secure. (there for users would not be able to use special characters)
Here is the code i have so far:
Code: Select all
// check that username is 5 characters or more
$username = $_POST['username'];
if (strlen($username) > 4){
}
else {
die
//email validation - i got this from a script
$email = $_POST['email'];
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
}
else {
die
how can i make sure that the $username only can have a-z, A-Z, 0-9
Re: Form Validation
Posted: Mon Jun 18, 2007 11:35 am
by ghadacr
to make sure that username is only a number try this...
Code: Select all
$status = "OK"; // setting the flag for form validation
$msg=""; // error message string is blank
function check_field2($username)
{
if(!preg_match("/[^0-9\ ]+$/",$username))
return TRUE;
else
return FALSE;
if(!check_field2($username))
{
$msg .="<center>Please enter a number for username</center><BR>";
$status="NOT OK";
}
}
Posted: Mon Jun 18, 2007 11:50 am
by jayshields
You could use regexp to do what you asked for, but I can't see why you would want to do that.
I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at
In regards to the last post. If you want to make sure that data only contains numbers you can use
Posted: Mon Jun 18, 2007 11:52 am
by jayshields
You could use regexp to do what you asked for, but I can't see why you would want to do that.
I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at
In regards to the last post. If you want to make sure that data only contains numbers you can use
Posted: Mon Jun 18, 2007 11:53 am
by ghadacr
jayshields wrote:You could use regexp to do what you asked for, but I can't see why you would want to do that.
I'm presuming you're validating the inputs because you're going to use the data with a database? If so, look at
In regards to the last post. If you want to make sure that data only contains numbers you can use
You could do it that either way it prevents from SQL insertion, which is defintley an important thing to prevent!!!!! Which was one of the things the other posts requested..
Would this help make sure my site is more secure.
Posted: Mon Jun 18, 2007 1:59 pm
by oo7ml
thanks for your help guys, i appreciate it