Hello, Simon....
"Simon H" wrote in message...
> I'm trying to validate an input form, for database INSERT/UPDATE. I'm
> looking for a couple of Techniques and I can't seem to find examples
> anywhere:
>
> 1. Validate Alpha Text with spaces, such as NAME, CITY, STATE, but limit the
> length of each one separately, and remove unwanted characters like
> '@!"£$%^&*() etc that might mess with the SQL.
Alright, clear up before you insert. That's my first bit of advice.....
Here's a function for you.
    function ClearUnwanteds($string) {
        // strip everything except letters, digits and spaces
        $string = preg_replace("/[^a-zA-Z0-9 ]/", "", $string);
        $string = trim($string);
        return $string;
    }
This will replace (when invoked, like this: $string =
ClearUnwanteds($string) ) the characters you don't want, and then trim the
string. Then you can do:
    $min_length = 1; // placeholder: enter minimum characters
    if (strlen($string) < $min_length) {
        // error
    }
> 2. As above but alphanumeric with spaces etc. for say ADDRESS1 ADDRESS2
> POSTCODE, etc.
Hmm.. isn't that what you wanted for your previous problem?
> 3. Validate DATE/TIME input to DD-MM-YYYY HH:MM:SS or D-M-YYYY H:M:S, or any
> combination, but only allow valid dates and times, or as close to it as
> possible.
You should pick a format, and stick to it, then form a function around the
format you've chosen - or look up some classes available for use on the net.
Since you're storing the data in a MySQL database, you may as well check the
date in the format it's stored in your db in the date (YYYY-MM-DD) or
datetime (YYYY-MM-DD HH:MM:SS) formats MySQL uses.... I would go for select
boxes with the day, month and year specified, then use something like
checkdate() to check the date.... on these variables, then "merge" them
(can't think of a better word) to form your date - i.e.
    if (checkdate($month, $day, $year)) {
        // if ok, merge the parts into the MySQL date format
        $date = $year . "-" . $month . "-" . $day;
    } else {
        // failure
    }
I have formed some functions that I've made available (somewhere), if you
need them I can probably drag them out and give you the urls.
> 4. Validate MONEY input...numeric with 2 decimal places only.
What currency? You're using a UK email address, but you've specified
"STATE" in one of your other regex "wanteds", which is more typical of the
US address format.
> Also, what is the best way to allow some fields to be empty, like ADDRESS2,
> but if they have data, then validate it.
    if (!empty($field)) {
        // perform validation.
    }
???
> I've tried several times to do these myself using eregi, but when I test it,
> the validation fails in some way...I'm shooting in the dark tho, and don't
> really understand regex just yet, or probably the majority of PHP for that
> matter.
Well, ok. But that's what you're here for, right? :)
> Thankfully I've got an email one... it was easy to find, since that's what
> all examples are geared for. My application is for updating a DB with SQL,
> and I can't find anything suitable.
Then you're looking in the wrong places (and more specifically, looking at
things from the wrong perspective - regex's can be applied to pretty much
anything (though, there are occasions when using them is overkill))!
> If there is any other advice for data input into DB's regarding security,
> I'd really like to hear it.
bvr's advice is good - read up on what he's suggested. :) Oh, and there are
the manual entries (for which I've forgotten the addresses).
Good luck!
~James
--
PHP General Mailing List (http://www.php.net/)
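
Added example, not part of the original message: one way to cover the cases in the thread (text allowlist with a length limit, date/time, money, optional fields) by rejecting bad input rather than stripping it. The function names, length limits and sample values are assumptions made for illustration.

```php
<?php
// Added example; rules, limits and sample input are constructed, not from the thread.
// Validation constrains the data; still escape or bind values at the INSERT/UPDATE.
// Returns the trimmed value if every character is allowed, or null if rejected.
// $allowed is a regex character-class body supplied by the developer, never by the user.
function validate_text(string $value, string $allowed, int $max): ?string {
    $value = trim($value);
    // \A and \z anchor the whole string; a bare $ would accept a trailing newline.
    $ok = preg_match('/\A[' . $allowed . ']{1,' . $max . '}\z/', $value) === 1;
    return $ok ? $value : null;
}

// Accepts D-M-YYYY H:M:S through DD-MM-YYYY HH:MM:SS; returns MySQL datetime or null.
function validate_datetime(string $value): ?string {
    $re = '/\A(\d{1,2})-(\d{1,2})-(\d{4}) (\d{1,2}):(\d{1,2}):(\d{1,2})\z/';
    if (preg_match($re, trim($value), $m) !== 1) {
        return null;
    }
    list(, $d, $mo, $y, $h, $mi, $s) = array_map('intval', $m);
    if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $s > 59) {
        return null;
    }
    return sprintf('%04d-%02d-%02d %02d:%02d:%02d', $y, $mo, $d, $h, $mi, $s);
}

// Digits, a dot, then exactly two decimals (the 8-digit cap is an assumption).
function validate_money(string $value): ?string {
    $value = trim($value);
    return preg_match('/\A\d{1,8}\.\d{2}\z/', $value) === 1 ? $value : null;
}

// Optional field: '' means "not supplied". The comparison is explicit because
// empty("0") is true, so an empty() test would let the input "0" skip validation.
function validate_optional(string $value, callable $rule): ?string {
    return trim($value) === '' ? '' : $rule($value);
}

$input = [ // constructed sample form data
    'name' => '  Mary Smith ', 'address2' => '', 'price' => '19.99',
    'when' => '29-2-2001 9:5:0', // 2001 is not a leap year
];
var_dump(
    validate_text($input['name'], 'a-zA-Z ', 40),
    validate_optional($input['address2'], function ($v) {
        return validate_text($v, 'a-zA-Z0-9 ', 60);
    }),
    validate_datetime($input['when']),
    validate_money($input['price'])
);
```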