Guest FirefoxRocks Posted July 17, 2009 Share Posted July 17, 2009 On the W3Schools site, PHP filters are introduced to validate data coming from insecure sources (user, cookies, etc.) The syntax is like this: if (!filter_input(INPUT_POST, 'clsid', FILTER_VALIDATE_INT)) { echo "Invalid class ID"; } else { // do something } Right now I'm using: if(isset($_POST["clsid"]) && is_numeric($_POST["clsid"]) && !empty($_POST["clsid"])){ $class = $_POST["clsid"];}else { die("<p class='error'>Error! Invalid author. Please contact the website adminstrator.</p>");} Which one is better?Also, with regular expressions, why isn't this working? if(preg_match('/[^A-Z0-9_\.]/i', $_POST["user"])) { die("<p>Error! Invalid username. Usernames can only contain alphanumeric characters (A-Z, 0-9), underscores (_) and dots (.)");}else { $username = $_POST["user"];} Link to comment Share on other sites More sharing options...
justsomeguy Posted July 17, 2009 Share Posted July 17, 2009 I don't know if either of those is "better", the first one is newer. Use which ever one makes more sense to you. The regex looks like it should be working. Link to comment Share on other sites More sharing options...
boen_robot Posted July 17, 2009 Share Posted July 17, 2009 If there's a suitable filter for whatever you're trying to achieve, it could be worth using it... performance wise that is... since you have only one function call, instead of several. If there's a filter equivalent to a single function call... it becomes a matter of preference... I'd choose not to use filter in that case.For the regex, try to use a negative lookadead with a positive range: if(preg_match('/(?![A-Z0-9_\.])/i', $_POST["user"])) I think what you have already should work, but try that non the less. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.