Validating strings

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Validating strings

Post by matthijs »

What sort of validation do you use for the validation of strings? Say you have form fields for user input of names, or street, etc.

What I have now are NotEmpty and StringLength. So a family name must be filled in and be between 1 and 100 characters long. Could also be 200 chars (you never know what strange long name someone might have).

However, I'm not sure what else to do. Like alnum is too restrictive. And I haven't come up with a good regex yet. Most of them are too restrictive for general use. A user might have characters other than the regular abc in his name (think French, Hebrew, etc.).
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Validating strings

Post by social_experiment »

NotEmpty is my validation method of choice. Come to think of it, with names / surnames etc. I haven't really done any 'checking' for alphabet characters :? The point about the non-English names is a good one, not one I paid attention to until this very second, probably because most of my work is done for clients with English as a first or second language. It's not a good idea to assume though that their clients or users will also have 'English-alphabet' safe names / surnames.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
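
Added example, not part of either post above: one way to combine the NotEmpty and StringLength checks with a Unicode-aware pattern, so French or Hebrew names pass while markup and control bytes do not. The function name `validate_name`, the allowed punctuation set and the sample inputs are assumptions made for illustration; it assumes the `mbstring` extension and a PCRE build with Unicode support.

```php
<?php
declare(strict_types=1);

/**
 * Validate a personal-name field (hypothetical helper, added example).
 * Returns a list of error strings; an empty list means the value passed.
 */
function validate_name(string $raw, int $maxLen = 100): array
{
    // Reject malformed UTF-8 first: the /u regex below would fail on it anyway,
    // and a byte-level length check would be meaningless.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return ['invalid encoding'];
    }

    $value = trim($raw);

    // NotEmpty
    if ($value === '') {
        return ['empty'];
    }

    $errors = [];

    // StringLength, counted in characters rather than bytes, so a
    // multi-byte name is not penalised for its encoding.
    if (mb_strlen($value, 'UTF-8') > $maxLen) {
        $errors[] = 'too long';
    }

    // Letters (\p{L}) and combining marks (\p{M}) from any script, plus
    // space separators, apostrophes, period and hyphen (assumed set).
    // Angle brackets, quotes, digits and control characters do not match.
    if (preg_match('/^[\p{L}\p{M}][\p{L}\p{M}\p{Zs}\'’.\-]*$/u', $value) !== 1) {
        $errors[] = 'unexpected characters';
    }

    return $errors;
}

// Constructed sample inputs: three valid names, then four that should fail.
$samples = ["O'Brien", "François Lefèvre", "דוד כהן", "", "Robert<script>", "abc\x00def", "\xC3\x28"];
foreach ($samples as $s) {
    $label = json_encode($s, JSON_INVALID_UTF8_SUBSTITUTE);
    printf("%-30s %s\n", $label, implode(', ', validate_name($s)) ?: 'ok');
}
```

Passing this check says nothing about output context: the apostrophe in `O'Brien` is allowed here, so the value still needs parameterised queries and `htmlspecialchars()` when it is stored or displayed.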