I have now created a registeration page, with a form. It posts the info to a new page, and I would like to check I have validated the
Code: Select all
$_POST['$varibles']I have placed all validation functions in thier own include file
Below is the functions:
Code: Select all
// check username format
// $string can be max. 10 chars, and must only contain letters and numbers, no spaces or other chars AT ALL
function check_username_format($string)
{
$pattern = "^[A-Za-z0-9]$";
if preg_match($pattern, $string)
{
if (strlen($string) <= 10 )
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
// check string length to parameters min length and max length
// check $string is within $min and $max boundaries
function check_within_length($string, $min, $max) {
$length = strlen ($string);
if (($length < $min) || ($length > $max))
{
return false;
}
else
{
return true;
}
}
// check password format
// $string can be between 6 and 12 chars long, and must only contain letters and numbers, no spaces or other chars AT ALL
function check_password_format($string)
{
$pattern = "^[A-Za-z0-9]$";
if preg_match($pattern, $string)
{
if (check_within_length($string, '6', '12'))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
// check email format, taken off web
function check_email_format($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
// check name format
// name can be max 22 chars, letters only but allow '-'
function check_name_format($string)
{
$pattern = "^[A-Za-z]$ | ^[A-Za-z]-[A-Za-z]$";
if preg_match($pattern, $string)
{
if (check_within_length($string, '1', '22'))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
// check gender
// very basic validation, check string is either 'male' or 'female'
function check_is_gender($string)
{
if (($string != 'male') || ($string != 'female'))
{
return false;
}
else
{
return true;
}
}
// check $input is only digits, return false if not
function check_is_numeric($input) {
if(preg_match("^[0-9]$", $input))
{
return true;
}
else
{
return false;
}
}
// check $input is only letter, return false if not
function check_is_alpha($input) {
if(preg_match ("^[A-Za-z]$", $input))
{
return true;
}
else
{
return false;
}
}
// check input is a day (number i.e. '1-31') of the month
// check is numeric, and then within correct range
function check_daynumber_dob($string)
{
if check_is_numeric($string)
{
if (($string > 31) || ($string < 1))
{
return false;
}
else
{
return true;
}
}
else
{
return false;
}
}
//check month format - 3 letter abv's e.g jan, feb, mar etc...
// first check it only contains letters, then check the string length is only 3
function check_month_dob($string)
{
if check_is_alpha($string)
{
if (check_within_length($string, '3', '3'))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
// check year is correct format - 4 numbers such as 1956 or 2008
// first check it only contains numbers, and then make sure string length is only 4
function check_year_dob($string)
{
if check_is_numeric($string)
{
if (check_within_length($string, '4', '4'))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}I just need to know if the functions look correct? Are the expressions correctly written?
Here is the page which the varibles get posted to....
Code: Select all
include_once('INCLUDE FILE WITH THE ABOVE FUNCTIONS');
session_start();
$username = check_username_format($_POST['username']);
$passwrd = check_password_format($_POST['psswrd']);
$conpasswrd = check_password_format($_POST['confirmpsswrd']);
$email = check_email_format($_POST['email']);
$fname = check_name_format($_POST['fname']);
$sname = check_name_format($_POST['sname']);
$gender = check_is_gender($_POST['gender']);
$day_dob = check_daynumber_dob($_POST['day']);
$month_dob = check_month_dob($_POST['month']);
$year_dob = check_year_dob($_POST['year']);Thanks