
Validating/filtering The Data


Guest FirefoxRocks

On the W3Schools site, PHP filters are introduced to validate data coming from insecure sources (user, cookies, etc.). The syntax is like this:

if (!filter_input(INPUT_POST, 'clsid', FILTER_VALIDATE_INT)) {
    echo "Invalid class ID";
} else {
    // do something
}

Right now I'm using:

if (isset($_POST["clsid"]) && is_numeric($_POST["clsid"]) && !empty($_POST["clsid"])) {
    $class = $_POST["clsid"];
} else {
    die("<p class='error'>Error! Invalid author. Please contact the website administrator.</p>");
}

Which one is better?

Also, with regular expressions, why isn't this working?

if (preg_match('/[^A-Z0-9_\.]/i', $_POST["user"])) {
    die("<p>Error! Invalid username. Usernames can only contain alphanumeric characters (A-Z, 0-9), underscores (_) and dots (.)");
} else {
    $username = $_POST["user"];
}

Edited by FirefoxRocks

If there's a suitable filter for whatever you're trying to achieve, it could be worth using it... performance-wise, that is... since you have only one function call, instead of several. If there's a filter equivalent to a single function call... it becomes a matter of preference... I'd choose not to use filter in that case.

For the regex, try to use a negative lookahead with a positive range:

if(preg_match('/(?![A-Z0-9_\.])/i', $_POST["user"]))

I think what you have already should work, but try that nonetheless.
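
An added example (not code from either post) that runs the two class ID checks and the three username patterns discussed above over constructed inputs. The helper names `parse_class_id` and `is_valid_username`, the `min_range` of 1 and all sample values are assumptions made for the illustration.

```php
<?php
// Added example: constructed inputs, not data from the thread.

// Integer ID: FILTER_VALIDATE_INT returns the int on success and false on failure.
// Compare with === false, because a valid "0" comes back as int 0, which is falsy.
// min_range => 1 is an assumption here: IDs are taken to be positive.
function parse_class_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Username: anchored allowlist. \A and \z pin the match to the whole string
// (no trailing newline slips past), and + rejects the empty string.
function is_valid_username($raw): bool
{
    return is_string($raw) && preg_match('/\A[A-Z0-9_.]+\z/i', $raw) === 1;
}

// Class ID: is_numeric() from the first post next to the integer filter.
$ids = ['42', '1e5', '1.5', '0', 'abc', ''];
foreach ($ids as $raw) {
    printf("%-6s is_numeric=%-5s filter=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export(parse_class_id($raw), true));
}

// Username: the two patterns from the thread next to the anchored allowlist.
// For the thread's patterns a result of 1 means "reject" (the die() branch).
$names = ['john_doe.99', 'bad name!', '', "john\n"];
foreach ($names as $raw) {
    printf("%-14s negated=%d lookahead=%d allowlist=%s\n",
        json_encode($raw),
        preg_match('/[^A-Z0-9_\.]/i', $raw),    // pattern from the question
        preg_match('/(?![A-Z0-9_\.])/i', $raw), // pattern from the reply
        var_export(is_valid_username($raw), true));
}
```

Run with the PHP CLI. `is_numeric()` accepts `1e5` and `1.5` where the integer filter does not, the negated class lets the empty string through, and the unanchored lookahead reports a match for every sample because the assertion always succeeds at the end of the string.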
