A
Anonymous
Guest
There are two ways to do form validation. And only one of them is a for sure way of cleansing.
The first is by using Javascript. But if said browser has JS disabled, then there isn't any validation.
So, using PHP to validate takes up server side resources, but it's the only way to really validate the input.
The first thing I would do is create an array of the items you want to validate.
1. Remember that variables are CaSe sensitive.
2. Create an array of all of the inputs you want to validate.
- ie.. $array = array('dbk_name','fdbk_company','fdbk_email');
3. Then iterate through the array and do a general check and remove nonsense from the input..
ie..
This is a basic cleansing to remove any kind of HTML/PHP/SQL injections.
4. If you want to take it a step further.
$fdbk_name = preg_replace('/[^a-zA-Z\-\']/','',$_POST['fdbk_name']);
// this removes numbers, html special chars and tags, and only leaves the alphabet, a dash and apostrophe.
Check www.php.net/preg_replace for more information on cleaning your other variables.
The email checking/validation will be the trickiest.
The first is by using Javascript. But if said browser has JS disabled, then there isn't any validation.
So, using PHP to validate takes up server side resources, but it's the only way to really validate the input.
The first thing I would do is create an array of the items you want to validate.
1. Remember that variables are CaSe sensitive.
2. Create an array of all of the inputs you want to validate.
- ie.. $array = array('dbk_name','fdbk_company','fdbk_email');
3. Then iterate through the array and do a general check and remove nonsense from the input..
ie..
PHP:
foreach($array as $k => $v) {
$_POST[$k] = trim(strip_tags(mysql_real_escape_string($_POST[$k])));
}
4. If you want to take it a step further.
$fdbk_name = preg_replace('/[^a-zA-Z\-\']/','',$_POST['fdbk_name']);
// this removes numbers, html special chars and tags, and only leaves the alphabet, a dash and apostrophe.
Check www.php.net/preg_replace for more information on cleaning your other variables.
The email checking/validation will be the trickiest.