smiley Posted September 15, 2015

Hey, I am trying to code a form validation but I get a problem with the function "input_check()" on w3 website especially with the trim command. It doesn't trim anything.

    $name = test_input($_POST["name"]);

    function test_input($data) {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      return $;
    }

    echo $name;

I am thankful about any help.
Chikwado Posted September 15, 2015

    return $; }

which is wrong. Write exactly what you see on the tutorial. Don't just write one parameter and start testing. View Example Here

Edited September 15, 2015 by Chikwado
smiley Posted September 15, 2015

Sorry that was a copy and paste mistake. I also tried the example on w3 school but it doesn't work. The trim command doesn't delete \n, \t, \r, etc.
dsonesuk Posted September 15, 2015

Unless you specify what characters to trim as a parameter as shown here http://php.net/manual/en/function.trim.php, trim($data) by default will only trim spaces.
smiley Posted September 15, 2015

Ah okay thanks!
justsomeguy Posted September 15, 2015

It trims more than spaces by default, it trims whitespace:

Without the second parameter, trim() will strip these characters:
    " " (ASCII 32 (0x20)), an ordinary space.
    "\t" (ASCII 9 (0x09)), a tab.
    "\n" (ASCII 10 (0x0A)), a new line (line feed).
    "\r" (ASCII 13 (0x0D)), a carriage return.
    "\0" (ASCII 0 (0x00)), the NUL-byte.
    "\x0B" (ASCII 11 (0x0B)), a vertical tab.

Note that trim only trims whitespace from the beginning and end of a string. It will not remove characters from the middle (characters between any non-whitespace or non-trimmed character).
smiley Posted September 15, 2015

If I use trim on $_POST it trims only whitespaces. It ignores the rest, that is my problem. Should I use something else instead of trim for a secure validation?
justsomeguy Posted September 15, 2015

Trim has nothing to do with security. Maybe you need to show some examples of what you're trying to do and why exactly you think trim isn't working for you.
smiley Posted September 16, 2015

If I use trim on a string it strips all characters you post … for example:

    $name = "\nMax Mustermann";
    echo trim($name);

output: Max Mustermann

but with $_POST it strips only whitespaces … for example:

    <input type="text" name="name" /> // \nMax Mustermann

    $name = $_POST["name"];
    echo trim($name);

output: nMax Mustermann

I am trying to avoid line breaks etc.

Edited September 16, 2015 by smiley
smiley Posted September 16, 2015

I am thankful for any help, link, tutorial etc. to secure my contact form!

Edited September 16, 2015 by smiley
dsonesuk Posted September 16, 2015

What does it show BEFORE filtering when viewed using view source, NOT directly from the webpage itself?
dsonesuk Posted September 16, 2015

Hang on! How can you enter a newline or return character within input type text? Entering '\nMax Mustermann', it's just treated as text, it will probably remove slash but rest will be treated as text unless you are doing it dynamically, but there again it seems to work. Example below.

    <!DOCTYPE html>
    <!--
    To change this license header, choose License Headers in Project Properties.
    To change this template file, choose Tools | Templates
    and open the template in the editor.
    -->
    <html>
        <head>
            <meta charset="UTF-8">
            <title></title>
        </head>
        <body>
            <?php
            $name = $name2 = "";
            $name = "\n" . 'MasterPlan ' . "\n\r\t";
            //$name = 'MasterPlan';
            $name2 = '\nMasterPlan ';

            function test_input($data) {
                //$data = trim($data, '\n'); //will remove textual character
                $data = trim($data);
                $data = stripslashes($data);
                $data = htmlspecialchars($data);
                return $data;
            }

            if (isset($_POST["name"]) && isset($_POST["name2"])) {
                $name = test_input($_POST["name"]);
                $name2 = test_input($_POST["name2"]);
                echo 'xxx' . $name . 'xxx<br>';
                echo 'xxx' . $name2 . 'xxx<br>';
            }
            ?>
            <form action="#" method="post">
                <input name="name" type="text" value="<?php echo $name; ?>">
                <input name="name2" type="text" value="<?php echo $name2; ?>">
                <input type="submit">
            </form>
        </body>
    </html>
smiley Posted September 16, 2015

Thanks! I will test it.
Chikwado Posted September 16, 2015

@smiley "Sorry that was a copy and paste mistake, I also try w3schools example but it does not work"

What do you mean by it does not work? Example of the page are here. The File and the code are here. The code do not say it does not work, you failed to create it.
smiley Posted September 16, 2015

I mean with "does not work": Normally I thought that trim strips "\n". But if I enter in the input field name: "Max\n" the result is "Maxn". You can also test it. It strips not completely "\n", only slash, and that was irritating!

Edited September 16, 2015 by smiley
dsonesuk Posted September 16, 2015

It's not perceived as line break, it's treated as text string so it's ignored, it's not trim() removing slash, it's stripslashes().

As stated in example

    $data = trim($data, '\n');

will trim/remove text string of '\n' if found, it's not a line break.
smiley Posted September 16, 2015

Ok, thanks for your help!
justsomeguy Posted September 16, 2015

Use a textarea instead of a regular single-line input if you want to actually type and submit real line breaks. Typing "\n" does not submit a line break, it submits the text "\n", which is not whitespace. In PHP you can use var_dump to print the variable to see what it is, which will show you the data type and also the length if it is a string, and it will quote the value so you can see exactly where it starts and ends.
smiley Posted September 16, 2015

Would it work with str_replace instead of trim?
justsomeguy Posted September 16, 2015

If you're trying to remove the text "\n" then yes, you can use str_replace.
smiley Posted September 16, 2015

Can you show me an example how to use the command right please?
smiley Posted September 16, 2015

And have you other good information for a secure contact form?

Edited September 16, 2015 by smiley
justsomeguy Posted September 17, 2015

What happens with the information submitted in the form? If you're using submitted information in email headers like from or subject, then you need to validate any of that information to make sure that it doesn't include extra information to send to other people or insert a spam message. Checking for newlines in those values will help. If you're displaying the information on a web page then you need to sanitize it to remove HTML tags or check for malicious injection attempts, or maybe just escape everything. If it's going in a database then, like all other data from a user that you put into a database, you should use a prepared statement and add the data as parameters.
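The three cases listed in the post above (mail headers, HTML output, database), as an added PHP example that is not code from the thread. The field names, the contact_messages table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Field names, the contact_messages
// table and the in-memory SQLite database are assumptions for illustration.

// For values that end up in mail headers (name, subject).
function clean_header_value(string $value): ?string
{
    $value = trim($value);
    // Real CR/LF bytes would start a new header line, so reject them.
    // The typed text \n (a backslash and an n) is not a line break.
    if ($value === '' || preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return $value;
}

// Escape when writing into HTML, not when reading the input.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function handle_contact(PDO $db, array $post): array
{
    $name    = clean_header_value((string) ($post['name'] ?? ''));
    $subject = clean_header_value((string) ($post['subject'] ?? ''));
    $email   = filter_var(trim((string) ($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    $message = trim((string) ($post['message'] ?? '')); // body may hold line breaks
    if ($name === null || $subject === null || $email === false || $message === '') {
        return ['ok' => false, 'html' => 'Invalid input.'];
    }
    // Database: prepared statement, user data only as bound parameters.
    $stmt = $db->prepare('INSERT INTO contact_messages
        (name, email, subject, message) VALUES (?, ?, ?, ?)');
    $stmt->execute([$name, $email, $subject, $message]);
    // Web page: escape everything that came from the user.
    return ['ok' => true, 'html' => 'Thanks, ' . html($name) . '!'];
}

// Constructed sample input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact_messages (name TEXT, email TEXT, subject TEXT, message TEXT)');
// $good: the subject ends with the typed text \n (single quotes, two characters).
$good = ['name' => ' Max <b>Mustermann</b> ', 'email' => 'max@example.com',
         'subject' => 'Question \n', 'message' => "Line 1\nLine 2"];
// $bad: the subject holds a real CR/LF pair (double quotes).
$bad = ['subject' => "Question\r\nX-Test: 1"] + $good;
var_dump(handle_contact($db, $good));
var_dump(handle_contact($db, $bad));
```

The var_dump output shows the string lengths, which makes the difference between the typed text \n and a real line break visible.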
smiley Posted September 18, 2015

thanks