Member Avatar for OmniX

Before you use input, it is a good idea to validate it for mailicous content before use.

So you would make a function validation, which would then contain what validations checks?
- mysql_real_escape_string
- addslashes / stripslashes
- get_magic_quotes_gpc
- html_entities
- etc

Anything else you think I should or shouldnt be checking?

Test code:

function valid($value) {
 mysql_real_escapte_string($value);
 stripslashes($value);
 // etc ($value)
 // etc ($value)
 return $value;
}

Thanks, Regards X

Note: Assumption is the variable is being inputted into a database

  • 4 Contributors
  • 9 Replies
  • 110 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by OmniX
Member Avatar for nav33n

Apart from that, If you are sure that the 'input' is an integer, you can validate it using is_numeric .

Member Avatar for OmniX

Ill add is_numeric nav, thanks.

Anything else?

Trying to throw around ideas before I create a function, correction attempt to :D

Member Avatar for cwarn23

You can also preg_match a specific set of characters/letters/numbers so that if certain characters are found in the string that should never exist then it would fail the function test. An example is the following that checks if characters other than A-Z a-z 0-9 +-/\* are found. So the example is:

<?
if (preg_match('/[^a-zA-Z0-9+-/\*]/is',$value)) {
return false;
} else {
return true;
}
?>

So to place that in your script it would be the following:

<?
function valid($value) {
mysql_real_escapte_string($value);
if (preg_match('/[^a-zA-Z0-9+-/\*]/is',$value)) {
return false;
} else {
return true;
}
}
?>

So basically you can decide what characters are and are not allowed except for the \ and ^ character which is used in the mysql_real_escape_string. Also note that the ^ character must be right after the bracket.

commented: Nice code as usual, keep it up! +2
Member Avatar for OmniX

Nice little function cwarn, thanks.

So implementing cwarn function with the mysql commands, there not much else left to validate against eh?

Member Avatar for cwarn23

Kinda but if you do use the * symbol (maybe a few others to) then you may want to check what surrounds it because I have heard that there are a few weard combinations that when placed into the date() function it can delete your website. I only briefly came across that but would need to search the web for more info if you would like it. Generally though that should do the trick.

Member Avatar for danielpataki

I know this is a bit basic, but for many fields, where the user inputs longer data (subject line, or textarea input), I always use the function trim() to delete all whitespaces and line breaks before and after the text. This isn't exactly mailicous, but useful to me nevertheless.

I also use substr_count() to check to see if a specific keyword is in a string more than X times. I create an array of words like "viagra" and so on, and I check to see if it's in the string more than twice. If it is, then I just don't accept it.

Member Avatar for OmniX

ya nice input, there is like a few of what i know of that form of validation:
- html
- javascript
- php

Member Avatar for cwarn23

ya nice input, there is like a few of what i know of that form of validation:
- html
- javascript
- php

Could you explain in more detail and make the question a little more clearer. All that I can tell is that you might want a php and javascript script that might validate a html form. What I don't know is how it's to be validated and what is to be validated and not even sure if that question i pieced together is correct.

Member Avatar for OmniX

Oh na isnt a question, just a statement. That you can use those technologies for similar validation(other topics for that validation).

On a side note can you please order 2 of those computers on your wish list :D

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.