Validating/filtering The Data


Guest FirefoxRocks

On the W3Schools site, PHP filters are introduced to validate data coming from insecure sources (user, cookies, etc.). The syntax is like this:

if (!filter_input(INPUT_POST, 'clsid', FILTER_VALIDATE_INT)) {
    echo "Invalid class ID";
} else {
    // do something
}

Right now I'm using:

if (isset($_POST["clsid"]) && is_numeric($_POST["clsid"]) && !empty($_POST["clsid"])) {
    $class = $_POST["clsid"];
} else {
    die("<p class='error'>Error! Invalid author. Please contact the website administrator.</p>");
}

Which one is better?

Also, with regular expressions, why isn't this working?

if (preg_match('/[^A-Z0-9_\.]/i', $_POST["user"])) {
    die("<p>Error! Invalid username. Usernames can only contain alphanumeric characters (A-Z, 0-9), underscores (_) and dots (.)");
} else {
    $username = $_POST["user"];
}

If there's a suitable filter for whatever you're trying to achieve, it could be worth using it... performance-wise, that is... since you have only one function call, instead of several. If there's a filter equivalent to a single function call... it becomes a matter of preference... I'd choose not to use filter in that case.

For the regex, try to use a negative lookahead with a positive range:

if(preg_match('/(?![A-Z0-9_\.])/i', $_POST["user"]))

I think what you have already should work, but try that nonetheless.


Archived

This topic is now archived and is closed to further replies.
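
Added example, not code from the thread or from W3Schools: a standalone PHP script that runs the checks discussed above over constructed inputs, so that `is_numeric()`, a truthiness test on `FILTER_VALIDATE_INT`, a strict `=== false` test, and the two regex patterns can be compared side by side. The helper names `valid_class_id` and `valid_username`, the `min_range` option and the sample values are assumptions made for the example.

```php
<?php
// Added example. All inputs below are constructed; no request data is read.
// filter_var() runs the same filters as filter_input(), on a plain value.

// Returns the integer, or null when the value is not a valid integer.
// Compare with === false: a valid "0" yields int 0, which is falsy.
// Assumption: class IDs are non-negative, hence min_range => 0.
function valid_class_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Allowlist anchored with \A and \z: the whole string must consist of
// permitted characters, and at least one character is required.
function valid_username($raw): bool
{
    return is_string($raw) && preg_match('/\A[A-Z0-9_.]+\z/i', $raw) === 1;
}

echo "class IDs\n";
foreach (['42', '0', '-3', '1e3', '4.2', '12abc', ''] as $raw) {
    printf("  %-8s is_numeric=%-6s truthy_check=%-6s strict=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        var_export((bool) filter_var($raw, FILTER_VALIDATE_INT), true),
        var_export(valid_class_id($raw), true));
}

echo "usernames (1 in the first two columns means the input is rejected)\n";
foreach (['Fire.Fox_1', 'bad name!', "admin\n", ''] as $raw) {
    printf("  %-14s negated_class=%d lookahead=%d anchored_ok=%s\n",
        json_encode($raw),
        preg_match('/[^A-Z0-9_\.]/i', $raw),    // pattern from the question
        preg_match('/(?![A-Z0-9_\.])/i', $raw), // pattern from the reply
        var_export(valid_username($raw), true));
}
```

Run it with the PHP command-line interpreter. The rows for `'0'` and for the empty username are the ones to look at first, since they are where the checks disagree.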
