...

View Full Version : form validation



sudhakararaog
05-29-2008, 08:15 PM
i need to validate a field in a form where a user enters a reference number this can be

letters, numbers and special characters also so i have not written any special preg match as

the username is a combination. the only check i am doing is if there are any white spaces

and if a user simple presses the space bar and does not enter value i display a message to

enter the reference number and even if there are white spaces followed by the reference

number i have used trim method. i have checked in the database even if there are white

spaces followed by reference number due to trim() method the data in the table is being

inserted whithout those white spaces.

following is the code i am presently using


$referencenumber = trim($_POST["referencenumber"]);

if(strlen($referencenumber) == 0)
{
$error.="<li>Reference number cannot be blank </li> <br />";
}


this code works perfectly fine and does what it is supposed to, however i am using

techniques to avoid sql injection. following is the technique i have used


if(get_magic_quotes_gpc())
{
$username = stripslashes($_POST["username"]);
}

else
{
$username = $_POST["username"];
}


due to this even if i use


if(get_magic_quotes_gpc())
{
$lodgementnumber = stripslashes($_POST["lodgementnumber"]);
}

else
{
$lodgementnumber = trim($_POST["lodgementnumber"]);
}

if(strlen($lodgementnumber) == 0)
{
$error.="reference number cannot be blank;
}

the validation is not doing what it does in the code i mentioned at the begining.

i need to use techniques to avoid sql injection and i also need the validation to work.

how can i fix this.

please advice.

thanks.

derzok
05-29-2008, 08:30 PM
I'll be the first to say it: use php tags when posting code! Furthermore, use punctuation when posting anything else. If English is not your first language, I apologize for my previous comment - it can be very difficult to describe computer problems in another language.

Anyway, I use mysql_real_escape_string() to make variables safe for SQL.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum