Jump to content

Validation Problem


ccpokerd
 Share

Recommended Posts

http://digitaldisguise.net/cs/www/Hey all, i am having 2 problems at the moment.Basically I am creating a simple sign-up form, they put in their name and email address, they both get validated, sent an email and stored in a db.I am having trouble with my validation.Firstly, script security.the script which processes it:
if (!isset($_POST['submit'])) {	header("Location:../index.php");}

Even if i go directly to the script in my browser, it doesn't return me, it DID, but then it just stopped working.Secondly, the name validation, I want it so that ONLY upper or lower alphabetical characters are accepted (and space and "-") (no symbols or numbers):isName only returns 0 if the first character ISNT a letter...so if i type in "A*@^E^@YHE" into the name field, it will return 1..but if i type in "@*#&@AJABDA" it returns 0...why is this?anyway:

function isName($value) {	return eregi('^([a-zA-Z-])', $value);}if (empty($_POST['name']) || (isName($_POST['name']) == 0) || (trim($_POST['name']) == '')) {	$_SESSION['name_error'] = "<div class=\"error\">Please enter a valid name.</div>";	$error = true;	$_SESSION['name'] = $_POST['name'];}

The email validation works fine...if it helps, my form code is:

		<form action="includes/subscribe.php" method="post">		<p>		Name: <input name="name" type="text" size="30" maxlength="50" value="<?php if(isset($_SESSION['name'])) { echo $_SESSION['name']; } ?>" />		<?php if(isset($_SESSION['name_error'])) { echo $_SESSION['name_error']; } ?>		</p>		<p>		Email:  <input name="email" type="text" size="30" maxlength="50" value="<?php if(isset($_SESSION['email'])) { echo $_SESSION['email']; } ?>" />		<?php if(isset($_SESSION['email_error'])) { echo $_SESSION['email_error']; } ?>		</p>		<p>		<input name="submit" type="submit" value="Sign Up" />		</p>		</form>

I just can't figure out why it lets me input anything into the NAME field and not give me an error...thanks all

Edited by ccpokerd
Link to comment
Share on other sites

1. Do not use eregi or any other POSIX-based regex functions, since they will be removed in PHP 6. They are deprecated as of 5.3, which you may already be using if your host is up to snuff.2. I don't think you want a case-insensitive match. That's the i in eregi. (You could go with case-insensitive, but then you don't need to specify both character ranges in your [braces].3. Anyway, use preg_match instead. You can always add the i operator to the /expression/i4. Your current expression matches only the first character because that is what ^ means at the beginning of a regex. You may have seen it mean NOT in some expressions. For that to work it has to be inside the [^braces] .5. That reverses the logic, though (which is actually what you want). So try something like this:

function invalidName ($value) {   $re = '/[^a-zA-Z]/';   return preg_match($re, $value);}

This is the typical technique. Make a list of valid characters, and then look for anything that does NOT match the list. (You could always double-reverse the logic with an additional ! operator somewhere.)

Edited by Deirdre's Dad
Link to comment
Share on other sites

1. Do not use eregi or any other POSIX-based regex functions, since they will be removed in PHP 6. They are deprecated as of 5.3, which you may already be using if your host is up to snuff.2. I don't think you want a case-insensitive match. That's the i in eregi. (You could go with case-insensitive, but then you don't need to specify both character ranges in your [braces].3. Anyway, use preg_match instead. You can always add the i operator to the /expression/i4. Your current expression matches only the first character because that is what ^ means at the beginning of a regex. You may have seen it mean NOT in some expressions. For that to work it has to be inside the [^braces] .5. That reverses the logic, though (which is actually what you want). So try something like this:
function invalidName ($value) {   $re = '/[^a-zA-Z]/';   return preg_match($re, $value);}

This is the typical technique. Make a list of valid characters, and then look for anything that does NOT match the list. (You could always double-reverse the logic with an additional ! operator somewhere.)

Thanks, I got it working perfectly :)I also managed to do the one for the email
function isEmailAddress($value) {	$re = '/^([a-z0-9])+([\.a-z0-9_-])*@([a-z0-9_-])+(\.[a-z0-9_-]+)*\.([a-z]+)$/';	return preg_match($re, $value);}function isName($value) {   $re = '/[^a-zA-Z\s-]/';   return preg_match($re, $value);}

thanks for your help :)

Edited by ccpokerd
Link to comment
Share on other sites

You can just add a space and hyphen to the pattern at the end, if the hyphen is the last character in the brackets then it considers that a literal hyphen character instead of defining a character range.If you've got at least PHP 5.2, you can use filter_var to check for an email address:

function isEmailAddress($value) {  return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;}

Link to comment
Share on other sites

Sorry about dropping those characters. Add them as jsg explains. And do use the filter he mentioned if you can. If not, the only thing I notice wrong with your regex is that it would need the i modifier after the final slash to make it case insensitive. If you tried it out with addresses that contained uppercase characters, it certainly would have failed.

Link to comment
Share on other sites

You can just add a space and hyphen to the pattern at the end, if the hyphen is the last character in the brackets then it considers that a literal hyphen character instead of defining a character range.If you've got at least PHP 5.2, you can use filter_var to check for an email address:
function isEmailAddress($value) {  return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;}

haha thanks, sorry I didn't see your post before I edited mine.I got it all working fine now anyway.My server uses 5.2.8 btw But i think i'll stick with preg_match and not filter_var because i don't know what the publish server will have on it.
Link to comment
Share on other sites

haha thanks, sorry I didn't see your post before I edited mine.I got it all working fine now anyway.My server uses 5.2.8 btw But i think i'll stick with preg_match and not filter_var because i don't know what the publish server will have on it.
yes, thanks for that diedre's dad :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...