How To: White List Function
Hello,
I have been searching Google and these forums for information on how to create a white list and I haven't been able to find anything. Basically what I want to do is fill an array with allowed characters and then compare that to a string. If the string contains a character that is not in the array then the function will return false, thus invalidating the data. I'm really not sure what the best way to do this would be.
A good example of what I want to do is create a whitelist of the numbers 0 through 9. I want to give it a string like 993939d and have it return false. Any help would be appreciated.
Thank you.
- d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
The best way would probably be regex, but another way is:
I believe there are some string functions that would make this faster.. but oh well.
Anywho, I'd just learn regex if I were you, this is pretty much what it's meant for
Code:
<?php
function checkString($inputString) {
    // Allowed characters: the digits 0 through 9
    $whiteList = array('0','1','2','3','4','5','6','7','8','9');
    $length = strlen($inputString);
    for ($i = 0; $i < $length; $i++) {
        // Square brackets: the {} string offset syntax was removed in PHP 8
        if (!in_array($inputString[$i], $whiteList)) {
            return false;
        }
    }
    return true;
}
checkString("78387"); //true
checkString("999a36"); //false
checkString(43489); //false (checking Strings, not INTs)
?>
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
ctype_digit()
It's easy, simple and fast. It even returns false if a string contains anything but numerical characters.
Honestly, before you mash through regexes, the ctype functions offer a bit of basic functionality to detect alphanumeric, alphabetic, numeric, printable characters, hexadecimals, etc.
Maugrim is correct. Using those is very easy, which decreases the chances of us making mistakes..
And although I do not have a lot of experience, I do know that everything that prevents me from making silly mistakes is a good thing.
Code:
<?php
$string = 'abc123'; // sample input
if ( ctype_alpha ($string) ) {
    // yoohoo i'm alphabetic
}
if ( ctype_alnum ($string) ) {
    // yes I'm letters and or numbers
}
if ( ctype_print ($string) ) {
    // i'm all printable!
}
// etc
?>
- d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
Unfortunately ctype is better for that too: http://us2.php.net/manual/en/function.ctype-alnum.php
agtlewis wrote: I needed your help too. I am using the function you recommended to validate alphanumeric strings as well.
d3ad1ysp0rk wrote: Oi.. If I had known that you'd always want alpha, numeric, or both, I would have suggested ctype functions as well.
Haha, the only thing mine has going for it is specifying only certain characters.
Yes, the ctype function can sometimes be a bit too restrictive. For example, if you let someone pick a username or password, maybe you would like to be able to let them use some characters like dots, underscores etc. as well.
"the only thing mine has going for it is specifying only certain characters"
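Code:
<?php
$testme = "O'Brien_1"; // sample input
// The D modifier makes $ match only at the very end of the string;
// without it, a value with a trailing newline would also be accepted.
$pattern = '/^[-A-Z0-9\.\'"_ ]*$/iD';
if ( preg_match($pattern, $testme) ) {
    // yea i'm allowed
}
?>
- Maugrim_The_Reaper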
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Ideally you should use the ctype functions for the most basic checks. Regular Expressions can then be used for exceptions to these standard types - for example usernames where space/hyphen/underscore are also valid would need a regex since it's an exception to what's covered by the ctype functions.
Email is another one - it's advised to use a liberal email regex (people can have weird email addresses not covered by many of the commonly recommended regular expressions).
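The three approaches discussed in this thread side by side, as an added example that is not any poster's code: an arbitrary character whitelist using strspn(), a ctype_digit() check that only accepts strings, and an anchored regex for the username exception. The function names, the username character set and the 32-byte limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names are hypothetical.

/** True only if $input is a non-empty string made solely of bytes in $allowed. */
function isWhitelisted($input, string $allowed): bool
{
    // Reject non-strings instead of letting PHP juggle types.
    if (!is_string($input) || $input === '') {
        return false;
    }
    // strspn() counts the leading run of allowed bytes; it must cover the whole string.
    return strspn($input, $allowed) === strlen($input);
}

/** Digits only. ctype_digit() reads small integers as ASCII codes, so require a string. */
function isDigits($input): bool
{
    return is_string($input) && ctype_digit($input);
}

/** Username exception (assumed set): letters, digits, dot, hyphen, underscore, space. */
function isUsername($input): bool
{
    // \A and \z anchor to the true start and end of the string;
    // a bare $ would also match just before a trailing "\n".
    return is_string($input)
        && preg_match('/\A[-A-Za-z0-9._ ]{1,32}\z/', $input) === 1;
}

// Constructed sample inputs, including the thread's own test values.
$samples = ['78387', '993939d', 43489, '', "123\n", 'john.doe_1', "john\n"];
foreach ($samples as $s) {
    printf(
        "%-14s whitelist=%-5s digits=%-5s username=%s\n",
        json_encode($s),
        json_encode(isWhitelisted($s, '0123456789')),
        json_encode(isDigits($s)),
        json_encode(isUsername($s))
    );
}
```

All three helpers treat the empty string and non-string values as invalid, so a caller never has to remember which of the underlying functions accepts them.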