Re: I need help - Newbie stuck ( php check form input )

On Jul 23, 8:49 am, transpar3nt <caspergho...@xxxxxxxxx> wrote:
On Jul 22, 7:04 am, Peter <pete.ivesAll_stR...@xxxxxxxxxxxxxxxx>
wrote:



In article <451566ee-2a23-4eee-b05d-
fd3f02e38...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ptmcna...@xxxxxxxxxxxxxx
says...

I stand corrected. Of course a single space would pass the test.
However, even with trim() any single character would also pass the
test and is unlikely to be the correct input. I agree further
validation of the data before insert into a database would be a very
good idea, but for flow control the methodology is sound.

Besides, wouldn't the data provided by the user then be compared to
known user_ids or usernames in the database and then, if found to be
incorrect, the user would be told to re-enter either username or id
again.  So does it make a difference if any leading spaces were
accidentally included to this working correctly?

--
Pete Ives
Remove All_stRESS before sending me an email

It does matter because if you allow that extra space but the user
doesn't realize they put it there upon signup, they may never be able
to directly retrieve the username again (assuming it will be used to
log in with an exact match to the database, which should be good
practice).

One side-note, if you are needing to validate just an integer input
(such as for the user ID) and make it safe in the database at the same
time, I use intval to check it... e.g.

$user_id = intval($_POST['user_id']);
if ($user_id > 0) {
  [here it's safe to enter into the DB]

}

If the user entered a string then intval will give it a value of 0
So as long as that value is greater than 0 then you know they entered
an integer, all you need from there is to validate it to existing db
values... etc.

Anyone have comment as to if this is good practice (or am I missing
something big here?)

 - Keith Wolf

Have you seen the function is_numeric() This may also be useful.
.

Relevant Pages

  • Re: I need help - Newbie stuck ( php check form input )
    ... test and is unlikely to be the correct input. ... validation of the data before insert into a database would be a very ... to directly retrieve the username again (assuming it will be used to ... if you are needing to validate just an integer input ...
    (comp.lang.php)
  • Re: A question about asp.net Validator
    ... I> need to validate two things on UserName box,> 1. ... It must be a valid user in our database. ... I have a server validate function which will process the rule 2. ...
    (microsoft.public.inetserver.asp.general)
  • Re: I need help - Newbie stuck ( php check form input )
    ... test and is unlikely to be the correct input. ... validation of the data before insert into a database would be a very ... Pete Ives ... to directly retrieve the username again (assuming it will be used to ...
    (comp.lang.php)
  • A question about validator!
    ... I want to write a login.aspx page, for example, there is UserName box. ... It must be a valid user in our database. ... I have a server validate function which will process the rule 2. ...
    (microsoft.public.dotnet.framework.aspnet.webcontrols)
  • A question about asp.net Validator
    ... I want to write a login.aspx page, for example, there is UserName box. ... It must be a valid user in our database. ... I have a server validate function which will process the rule 2. ...
    (microsoft.public.inetserver.asp.general)