Hi Drouet, I've been asking about this too and here's what I've been working
on. It checks for letters, numbers, puncuation, and max and min length. I
was told any of the puncation was safe as long as you addslashes before you
put it into the database.
function check_input($user_input, $min=0, $max=0, $text=false,
$number=false, $special=false)
{
$pattern = "";
if ($text) $pattern .= "a-zA-Z";
if ($number) $pattern .= "0-9";
if ($special) $pattern .=
'�-��-��-�[:space:]\~\!\[\]\`\@\#\$\%\^\&\*\(\)\_\+\-\=\\\\{\}\|\:\"\;\'\<\>
\?\,\.\/';
$regexp = '/^['.$pattern.']*$/i';
if( preg_match($regexp, $user_input) && strlen($user_input) <= $max &&
strlen($user_input) >= $min )
echo "it passes";
else
echo "didn't pass";
}
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: April 24, 2002 3:49 AM
To: [EMAIL PROTECTED]
Subject: [PHP] validating user input
Hi the M.L.
I have to validate forms user inputs before the construction of my query to
my Oracle DB
Does anybody know the list of characters that should be rejected (for
example ;) ?
Do you have a function to validate it ?
regards
Laurent Drouet
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
