Haig Davis wrote:
 Morning All,

I've been fighting with this little problem for two days now, so far no luck
with Google and am beginning to question my own sanity.

I have an application that has over one hundred forms, some quite lengthy, so
what I'm trying to achieve, rather than writing a bunch of individual
sanitize statements then form validation statements, is that I could run $_POST
through a foreach loop and filter the values by form class, i.e. is it an
email address or simply a text block with letters and numbers. The regexes
alone work fine, as does the foreach loop; the only issue I have is the IF
statement comparing $key to expected variable names.

Here's the bit of code involved.

        foreach($_POST as $keyTemp => $valueTemp){
            $key = mysqlclean($keyTemp);
            $value = mysqlclean($valueTemp);
            $$key = $key;
            $$key = $value;

            if($key != ("$customerServiceEmail") || ("$billingEmail") ||
                if(preg_match("/[^a-zA-Z0-9\s]/", $value)){
                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;

            if($key = ("$customerServiceEmail") || ("$billingEmail")){

                    $style = "yellow";
                    $formMsg = "Invalid Characters";
                    $bad = $key;


Thanks for taking a peek.


1] Pear has several classes that will keep you from reinventing the wheel.

2] I always, when possible, restrict what users are allowed to enter. Then, I simply delete or warn them about anything that is not permissible. e.g., they can enter any of the plain html tags. Any tags not in this list are removed.

//region******** Usable XHTML elements for user admin prepared user instructions [Only these XHTML tags can be used] ********/

$inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'object', 'option', 'select', 'span', 'strong',);//Note img is both empty and inline
$blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 
$emptyHtmlTagsArray = array('br', 'hr', 'img',);
$listHtmlTagsArray = array('li', 'ol', 'ul');
$tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead', 

I also do syntax and reverse DNS tests for all links and email addresses.

PHP General Mailing List (http://www.php.net/)
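
The loop discussed in this thread, written so that each key is compared against string literals and each field is checked by class. This is an added example, not code from either poster: the field names customerServiceEmail and billingEmail and the text regex come from the original post, while validatePost(), EMAIL_FIELDS, the use of filter_var() for the email check and the sample input are assumptions made for illustration.

```php
<?php
// Field names taken from the post; everything else here is illustrative.
const EMAIL_FIELDS = ['customerServiceEmail', 'billingEmail'];

/**
 * Validate each submitted field by class and return [clean values, errors].
 * Values are kept in an array rather than extracted with $$key, so a request
 * cannot overwrite existing variables such as $style or $bad.
 */
function validatePost(array $post): array
{
    $clean = [];
    $errors = [];
    foreach ($post as $key => $value) {
        // Nested arrays (name="x[]") are rejected instead of reaching preg_match.
        if (!is_string($value)) {
            $errors[$key] = 'Unexpected value type';
            continue;
        }
        $value = trim($value);
        // Strict comparison of the key against the list of email field names.
        if (in_array($key, EMAIL_FIELDS, true)) {
            if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                $errors[$key] = 'Invalid email address';
                continue;
            }
        } elseif (preg_match('/[^a-zA-Z0-9\s]/', $value)) {
            // Same character class as the regex in the original post.
            $errors[$key] = 'Invalid Characters';
            continue;
        }
        $clean[$key] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$samplePost = [
    'customerServiceEmail' => 'support@example.com',
    'billingEmail'         => 'not-an-email',
    'companyName'          => 'Acme Widgets 42',
    'notes'                => '<script>alert(1)</script>',
];

[$clean, $errors] = validatePost($samplePost);
print_r($clean);   // fields that passed their class check
print_r($errors);  // field name => message for the form to display
```

Validation of this kind decides what the form accepts; escaping for SQL or HTML still happens at the point where the value is used.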