Validation Problem

[ccpokerd]

http://digitaldisguise.net/cs/www/Hey all, i am having 2 problems at the moment.Basically I am creating a simple sign-up form, they put in their name and email address, they both get validated, sent an email and stored in a db.I am having trouble with my validation.Firstly, script security.the script which processes it:

if (!isset($_POST['submit'])) {	header("Location:../index.php");}

Even if i go directly to the script in my browser, it doesn't return me, it DID, but then it just stopped working.Secondly, the name validation, I want it so that ONLY upper or lower alphabetical characters are accepted (and space and "-") (no symbols or numbers):isName only returns 0 if the first character ISNT a letter...so if i type in "A*@^E^@YHE" into the name field, it will return 1..but if i type in "@*#&@AJABDA" it returns 0...why is this?anyway:

function isName($value) {	return eregi('^([a-zA-Z-])', $value);}if (empty($_POST['name']) || (isName($_POST['name']) == 0) || (trim($_POST['name']) == '')) {	$_SESSION['name_error'] = "<div class=\"error\">Please enter a valid name.</div>";	$error = true;	$_SESSION['name'] = $_POST['name'];}

The email validation works fine...if it helps, my form code is:

		<form action="includes/subscribe.php" method="post">		<p>		Name: <input name="name" type="text" size="30" maxlength="50" value="<?php if(isset($_SESSION['name'])) { echo $_SESSION['name']; } ?>" />		<?php if(isset($_SESSION['name_error'])) { echo $_SESSION['name_error']; } ?>		</p>		<p>		Email:  <input name="email" type="text" size="30" maxlength="50" value="<?php if(isset($_SESSION['email'])) { echo $_SESSION['email']; } ?>" />		<?php if(isset($_SESSION['email_error'])) { echo $_SESSION['email_error']; } ?>		</p>		<p>		<input name="submit" type="submit" value="Sign Up" />		</p>		</form>

I just can't figure out why it lets me input anything into the NAME field and not give me an error...thanks all

[jeffman]

1. Do not use eregi or any other POSIX-based regex functions, since they will be removed in PHP 6. They are deprecated as of 5.3, which you may already be using if your host is up to snuff.2. I don't think you want a case-insensitive match. That's the i in eregi. (You could go with case-insensitive, but then you don't need to specify both character ranges in your [braces].3. Anyway, use preg_match instead. You can always add the i operator to the /expression/i4. Your current expression matches only the first character because that is what ^ means at the beginning of a regex. You may have seen it mean NOT in some expressions. For that to work it has to be inside the [^braces] .5. That reverses the logic, though (which is actually what you want). So try something like this:

function invalidName ($value) {   $re = '/[^a-zA-Z]/';   return preg_match($re, $value);}

This is the typical technique. Make a list of valid characters, and then look for anything that does NOT match the list. (You could always double-reverse the logic with an additional ! operator somewhere.)

[ccpokerd]

1. Do not use eregi or any other POSIX-based regex functions, since they will be removed in PHP 6. They are deprecated as of 5.3, which you may already be using if your host is up to snuff.2. I don't think you want a case-insensitive match. That's the i in eregi. (You could go with case-insensitive, but then you don't need to specify both character ranges in your [braces].3. Anyway, use preg_match instead. You can always add the i operator to the /expression/i4. Your current expression matches only the first character because that is what ^ means at the beginning of a regex. You may have seen it mean NOT in some expressions. For that to work it has to be inside the [^braces] .5. That reverses the logic, though (which is actually what you want). So try something like this:

function invalidName ($value) {   $re = '/[^a-zA-Z]/';   return preg_match($re, $value);}

This is the typical technique. Make a list of valid characters, and then look for anything that does NOT match the list. (You could always double-reverse the logic with an additional ! operator somewhere.)

Thanks, I got it working perfectly :)I also managed to do the one for the email

function isEmailAddress($value) {	$re = '/^([a-z0-9])+([\.a-z0-9_-])*@([a-z0-9_-])+(\.[a-z0-9_-]+)*\.([a-z]+)$/';	return preg_match($re, $value);}function isName($value) {   $re = '/[^a-zA-Z\s-]/';   return preg_match($re, $value);}

thanks for your help

[justsomeguy]

You can just add a space and hyphen to the pattern at the end, if the hyphen is the last character in the brackets then it considers that a literal hyphen character instead of defining a character range.If you've got at least PHP 5.2, you can use filter_var to check for an email address:

function isEmailAddress($value) {  return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;}

[jeffman]

Sorry about dropping those characters. Add them as jsg explains. And do use the filter he mentioned if you can. If not, the only thing I notice wrong with your regex is that it would need the i modifier after the final slash to make it case insensitive. If you tried it out with addresses that contained uppercase characters, it certainly would have failed.

[ccpokerd]

You can just add a space and hyphen to the pattern at the end, if the hyphen is the last character in the brackets then it considers that a literal hyphen character instead of defining a character range.If you've got at least PHP 5.2, you can use filter_var to check for an email address:

function isEmailAddress($value) {  return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;}

haha thanks, sorry I didn't see your post before I edited mine.I got it all working fine now anyway.My server uses 5.2.8 btw But i think i'll stick with preg_match and not filter_var because i don't know what the publish server will have on it.

[ccpokerd]

haha thanks, sorry I didn't see your post before I edited mine.I got it all working fine now anyway.My server uses 5.2.8 btw But i think i'll stick with preg_match and not filter_var because i don't know what the publish server will have on it.

yes, thanks for that diedre's dad