
Thread: form validation

  1. #1

    form validation

    i need to validate a field in a form where a user enters a reference number this can be letters, numbers and special characters also so i have not written any special preg match as the username is a combination. the only check i am doing is if there are any white spaces and if a user simply presses the space bar and does not enter value i display a message to enter the reference number and even if there are white spaces followed by the reference number i have used trim method. i have checked in the database even if there are white spaces followed by reference number due to trim() method the data in the table is being inserted without those white spaces.

    following is the code i am presently using
    PHP Code:
    $referencenumber = trim($_POST["referencenumber"]);

    // Reject input that is empty once surrounding whitespace is trimmed
    if (strlen($referencenumber) == 0)
    {
        $error .= "<li>Reference number cannot be blank </li> <br />";
    }

    this code works perfectly fine and does what it is supposed to, however i am using techniques to avoid sql injection. following is the technique i have used
    PHP Code:
    // Remove the slashes that magic quotes added to the submitted value
    if (get_magic_quotes_gpc())
    {
        $username = stripslashes($_POST["username"]);
    }
    else
    {
        $username = $_POST["username"];
    }

    due to this even if i use
    PHP Code:
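    if (get_magic_quotes_gpc())
    {
        // Magic quotes on: slashes are stripped, the value is not trimmed
        $lodgementnumber = stripslashes($_POST["lodgementnumber"]);
    }
    else
    {
        // Magic quotes off: the value is trimmed
        $lodgementnumber = trim($_POST["lodgementnumber"]);
    }

    if (strlen($lodgementnumber) == 0)
    {
        $error .= "reference number cannot be blank";
    }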

    the validation is not doing what it does in the code i mentioned at the beginning.

    i need to use techniques to avoid sql injection and i also need the validation to work.

    how can i fix this.

    please advise.

    thanks.
    Last edited by Inigoesdr; 05-30-2008 at 07:22 AM.

  • #2
    I'll be the first to say it: use php tags when posting code! Furthermore, use punctuation when posting anything else. If English is not your first language, I apologize for my previous comment - it can be very difficult to describe computer problems in another language.

    Anyway, I use mysql_real_escape_string() to make variables safe for SQL.
    zok@zoklet:~$ whereis zok
    zok: http://zoklet.net | http://zoklet.net/otg | /derzok/at/gmail/dot/com
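
An added example, not code from either post in this thread: it undoes magic quotes and trims in one place so the blank check behaves the same whether or not magic quotes are enabled, and it leaves SQL safety to a bound parameter at query time. The helper names, the `lodgements` table and the in-memory SQLite database are assumptions for illustration; `get_magic_quotes_gpc()` no longer exists in PHP 8, so the call is guarded.

```php
<?php
// Added example. clean_post_field() and validate_reference() are hypothetical
// helpers; the table and column names are assumptions.

// Undo magic quotes where the feature still exists, then trim.
// This normalises the input; it is not SQL escaping.
function clean_post_field(array $post, $name)
{
    $value = isset($post[$name]) ? (string) $post[$name] : '';
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value); // trimmed in both cases, so "   " becomes ""
}

// Returns the cleaned reference number, or null after recording an error.
function validate_reference(array $post, array &$errors)
{
    $ref = clean_post_field($post, 'lodgementnumber');
    if ($ref === '') {
        $errors[] = 'Reference number cannot be blank';
        return null;
    }
    return $ref;
}

// Constructed sample submissions: spaces only, quoted text, missing field
$samples = array(
    array('lodgementnumber' => '   '),
    array('lodgementnumber' => "  AB-12'; x  "),
    array(),
);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lodgements (reference TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO lodgements (reference) VALUES (:ref)');

foreach ($samples as $post) {
    $errors = array();
    $ref = validate_reference($post, $errors);
    if ($ref === null) {
        echo implode(', ', $errors), "\n";
        continue;
    }
    $insert->execute(array(':ref' => $ref)); // value is bound, never concatenated
    echo 'stored: ', $ref, "\n";
}
```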

