Re: Simpler way to validate form fields? [message #179793 is a reply to message #179786]
Wed, 05 December 2012 09:56
M. Strobel
Messages: 386 Registered: December 2011
On 04.12.2012 23:37, Gilles wrote:
> Hello
>
> Is this the best way to validate each and every field in a form, or is
> there a better/simpler way?
>
> http://phpmaster.com/form-validation-with-php/
> (section "Validating the Form Contents")
>
> Sample:
> ========
> $nameErr = $addrErr = "";
> $name = $address = "";
>
> if ($_SERVER["REQUEST_METHOD"] == "POST") {
> if (empty($_POST["name"])) {
> $nameErr = "Missing";
> }
> else {
> $name = $_POST["name"];
> }
> etc.
> ========
Too basic. My user input reader is
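    // Returns the request value for $key, cut to $l bytes and sanitized,
    // or $val when the key is not present in the request.
    function getStringFromForm($key, $l=255, $val=null) {
        return (isset($_REQUEST[$key])) ?
            filter_var(substr($_REQUEST[$key],0,$l), FILTER_SANITIZE_STRING) :
            $val;
    }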
Short explanation:
I have a default length limit, which might stop overflow/overload attacks.
The default value is settable, no coding like: if empty() set to "something".
I read $_REQUEST, because the first thing my dispatcher does is a check for GET/POST,
and POST form values can be as easily manipulated as get values. So EVERY string
input uses this function.
Of course there is a corresponding getEmailFromForm() and getIntFromForm().
/Str.
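
The post names getIntFromForm() and getEmailFromForm() without showing them. One possible shape for such typed readers, as an added example that is not the poster's code: the rawField() helper, the $src parameter and the range arguments are assumptions, and array input (name[]=x) is treated as missing.

```php
<?php
// Added example, not the poster's code. rawField() and the $src parameter
// are assumptions; in a request handler, pass $_POST or $_GET as $src.

// Raw trimmed value, or null when the key is absent, is not a string
// (name[]=x arrives as an array), or exceeds $maxLen bytes. Over-long typed
// values are rejected rather than truncated, because a truncated prefix
// could validate where the full input would not.
function rawField(array $src, string $key, int $maxLen): ?string {
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $raw = trim($src[$key]);
    return strlen($raw) > $maxLen ? null : $raw;
}

// Integer within [$min, $max], otherwise $default.
function getIntFromForm(array $src, string $key, int $min, int $max, ?int $default = null): ?int {
    $raw = rawField($src, $key, 20);
    if ($raw === null) {
        return $default;
    }
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $int = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $int === false ? $default : $int;   // "0" is valid, so compare strictly
}

// Syntactically valid e-mail address, otherwise $default.
function getEmailFromForm(array $src, string $key, int $maxLen = 254, ?string $default = null): ?string {
    $raw = rawField($src, $key, $maxLen);
    if ($raw === null) {
        return $default;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? $default : $email;
}

// Constructed sample input standing in for a submitted form.
$form = [
    'age'   => '0',
    'qty'   => '12abc',
    'email' => 'user@example.com',
    'bad'   => ['nested' => 'array'],
];
var_dump(getIntFromForm($form, 'age', 0, 150));
var_dump(getIntFromForm($form, 'qty', 1, 99, 1));
var_dump(getEmailFromForm($form, 'email'));
var_dump(getEmailFromForm($form, 'bad', 254, ''));
```

FILTER_SANITIZE_STRING, used in the post's string reader, is deprecated as of PHP 8.1; the validate filters used here are not.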