sweetsam Posted April 6, 2009 Share Posted April 6, 2009 Folks, what do you use or recommend for input data validation... built in php filters or custom regex ? Link to comment Share on other sites More sharing options...
0 Andrew Lyle Global Moderator Posted April 6, 2009 Global Moderator Share Posted April 6, 2009 depends on the information you want to verify... are you trying to verify simple things like.. length of characters, casing, birthday verification etc etc.. or something as username verification, database validation etc etc. Link to comment Share on other sites More sharing options...
0 sweetsam Posted April 6, 2009 Author Share Posted April 6, 2009 Say all of that. Link to comment Share on other sites More sharing options...
0 nvme Posted April 6, 2009 Share Posted April 6, 2009 it really depends on the pattern. if it's simple enough (ie it must contain a value or it must be at least 5 characters and i dont care what the characters are) i use built in php functions like strlen() or empty(). it's it's more complex (ie it must be a valid email address) i use regular expressions. as for stuff going into the database i always sanitize the data using the appropriate sql escaping functions... mysql_real_escape_string() for the mysql extension and the bindParam()/bindValue() functions for pdo. if you're dealing with html, depending on what you want the end result to be, i generally use htmlentities(), strip_tags(), or if i want to retain valid html html purifier. Link to comment Share on other sites More sharing options...
0 QuickSort Posted April 6, 2009 Share Posted April 6, 2009 verify simple things like.. length of characters, casing, birthday verification etc etc.. @"Say all of that." To check if a string is over 3 characters I would use the following code: <?php $str = 'hello'; if (isset($str{3})) echo 'String is over 3 chars'; else echo 'String is not over 3 chars'; ?> For birthday validation for example to check if a user is over 18 I would use the following code*: <?php $year = 1998; $month = 12; $day = 28; //check if the user is above 18 if (mktime(0, 0, 0, $month, $day, $year)<time()-60*60*24*365*18) { echo 'user is 18+'; } else echo 'user is under 18'; ?> * may not be right, I haven't checked the code yet properly for validating emails I use regular expressions, but you could validate the existence of the email by checking that the domain exists using various other methods hope that helps, the code above probably can be cleaned and fixed up :) Link to comment Share on other sites More sharing options...
0 AnthonySterling Posted April 6, 2009 Share Posted April 6, 2009 I prefer something a little more structured, here's an OOP implementation of mine. Base Object <?php /** * Description of Validator * * @author Administrator */ abstract class Validator { private $aOptions; private $sError = null; /** * * @param Array $aOptions */ public function __construct($aOptions = array()) { $this->aOptions = $aOptions; } /** * * @param String $sName * @param Mixed $mValue */ public function setOption($sName, $mValue) { $this->aOptions[$sName] = $mValue; } /** * * @param String $sName * @return Mixed */ public function getOption($sName) { return $this->aOptions[$sName]; } /** * * @param String $sError */ protected function setError($sError) { $this->sError = $sError; } /** * * @return String */ public function getError() { return $this->sError; } abstract public function isValid($mSubject); } ?> MySQLDateFormatValidator <?php /** * Description of MySQLDateFormatValidator * * @author Administrator */ class MySQLDateFormatValidator extends Validator { public function isValid($mSubject) { if(10 === strlen($mSubject)) { if(1 === preg_match('~^([1-9][0-9]{3})-(0?[1-9]|1[0-2])-(0?[1-9]|[1-2][0-9]|3[0-1])$~', $mSubject)) { return true; } } $this->setError('The value supplied does not appear to be provided in the MySQL Date format.'); return false; } } ?> StringLengthValidator <?php /** * Description of StringLengthValidator * * @author Administrator */ class StringLengthValidator extends Validator { public function isValid($mSubject) { if(strlen($mSubject) >= $this->getOption('min')) { if(strlen($mSubject) <= $this->getOption('max')) { return true; } $this->setError(sprintf('The value supplied is too long. (Maximum: %s characters)', $this->getOption('max'))); return false; } $this->setError(sprintf('The value supplied is too short. (Minimum: %s characters)', $this->getOption('min'))); return false; } } ?> From here, it's a few lines of code... <?php $oValidator = new MySQLDateFormatValidator(); if($oValidator->isValid('12/01/2009 12:34pm')) { #proceed } else { echo $oValidator->getError(); } ?> Link to comment Share on other sites More sharing options...
0 sweetsam Posted April 7, 2009 Author Share Posted April 7, 2009 Thanks everybody for your input. :) Link to comment Share on other sites More sharing options...
0 Kudos Veteran Posted April 8, 2009 Veteran Share Posted April 8, 2009 Like Quicksort mentioned, I use dns checking on email addresses, the following should work on anything but windows. checkdnsrr("domain.com", "MX"); Link to comment Share on other sites More sharing options...
Question
sweetsam
Folks, what do you use or recommend for input data validation... built in php filters or custom regex ?
Link to comment
Share on other sites
7 answers to this question
Recommended Posts