Hello
I have information coming from a form to the process below. The process validates user input
using preg_match found in a function (valid.php) before inserting into a MySQL database.
This is my first attempt to use preg_match to validate user input and I may have coded it incorrectly.
The database inserting works.
The problem is that when an illegal character like @ or # is placed in the form, preg_match is not catching the illegal characters and triggering the warning message.
Process
<?php
include("../valid.php");
/*** arrays passed from the form with selected service variables ***/
$code_id = $_POST['fee1_choice']; //array of code_id primary key
$fee_unit = $_POST['fee1_unit'];//array with the number of units
$fee_money = $_POST['fee1_money'];//array with the selected fee
//filter array index
$fee_unit = array_filter($fee_unit);
$fee_money = array_filter($fee_money);
$indices1 = array_keys($code_id);
foreach($indices1 as $index1)
{
//individual value validation from 3 arrays
//validate unit
$field_name = $fee_unit[$index1];//assign field to variable for function
check_unit_field($field_name);//function to validate user entered numbers, or message sent
//validate money
$field_name = $fee_money[$index1];//assign field to variable for function
check_money_field($field_name);//function validates that the user entered characters are numbers, or message sent
required_field($field_name);//function checks that the required field is not empty
//insert query goes here
}
?>
Validation Function
valid.php
<?php
//function to validate units
function check_unit_field($field_name)
{
if(empty($field_name) || $field_name == 0 || preg_match("/^[0-9\. ]+$/", strip_tags(trim($field_name))))
{
return TRUE;
}
else
{
illegal_num_character_message();//display illegal character entered message
return FALSE;
}
}
//function to validate money
function check_money_field($field_money)
{
if(empty($field_money) || $field_money == 0 || preg_match("/^[0-9\. ]+$/", strip_tags(trim($field_money))))
{
return TRUE;
}
else
{
illegal_num_character_message();//display illegal character entered message
return FALSE;
}
}
?>
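A strict version of the check for the same three posted arrays, added here as an example and not the poster's own code: it avoids the loose `== 0` comparison (on PHP versions before 8, a non-numeric string such as "@" compares equal to 0, so the original condition returns TRUE before preg_match ever runs) and validates every row before anything reaches the INSERT. Function names and the sample rows are constructed for this example.

```php
<?php
// Added example, not the original poster's code. Validates the three
// parallel arrays the form posts (code_id, units, money) with a strict
// regex and strict comparisons. On PHP < 8 the original check's
// "$field == 0" is true for a non-numeric string such as "@", so it
// returns TRUE before preg_match runs; this version never does that.
// Function names and sample input are constructed for this example.

function is_numeric_field(string $raw): bool
{
    $v = trim(strip_tags($raw));
    // digits with an optional decimal part and nothing else
    return preg_match('/^[0-9]+(\.[0-9]{1,2})?$/', $v) === 1;
}

/** Returns a list of error strings; an empty list means every row is valid. */
function validate_fee_rows(array $codeIds, array $units, array $money): array
{
    $errors = [];
    foreach (array_keys($codeIds) as $i) {
        $u = (string)($units[$i] ?? '');
        $m = (string)($money[$i] ?? '');
        if ($u === '' || $m === '') {
            $errors[] = "row $i: unit and fee are required";
            continue;
        }
        if (!is_numeric_field($u) || (float)$u === 0.0) {
            $errors[] = "row $i: unit must be a positive number, got '$u'";
        }
        if (!is_numeric_field($m)) {
            $errors[] = "row $i: fee must be a number, got '$m'";
        }
    }
    return $errors;
}

// Constructed sample input shaped like $_POST['fee1_choice'] and friends.
$codeIds = ['101', '102', '103'];
$units   = ['2', '@', '12abc'];
$money   = ['9.50', '#', '15'];

$errors = validate_fee_rows($codeIds, $units, $money);
if ($errors !== []) {
    foreach ($errors as $e) {
        echo $e, "\n";
    }
    exit(1); // never reach the INSERT with bad input
}
// Valid rows only: bind them into the INSERT with a prepared statement.
```

With the sample rows above, row 0 passes and rows 1 and 2 are reported, so the script exits before the insert.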