Thanks James. This is excellent. If you don't mind digging out your functions, I'd much appreciate it...

> Hello, Simon....
>
> "Simon H" wrote in message...
> > I'm trying to validate an input form, for database INSERT/UPDATE. I'm
> > looking for a couple of Techniques and I can't seem to find examples
> > anywhere:
> >
> > 1. Validate Alpha Text with spaces, such as NAME, CITY, STATE, but limit
> > the length of each one separately, and remove unwanted characters like
> > '@!"£$%^&*() etc that might mess with the SQL.
>
> Alright, clear up before you insert. That's my first bit of advice.....
> Here's a function for you.
>
> function ClearUnwanteds($string) {
>     // Strip everything except letters, digits and spaces
>     $string = preg_replace("/[^a-zA-Z0-9 ]/", "", $string);
>     $string = trim($string);
>     return $string;
> }
>
> This will replace (when invoked, like this: $string =
> ClearUnwanteds($string) ) the characters you don't want, and then trim the
> string. Then you can do:
>
> // $minLength: enter minimum characters
> if (strlen($string) < $minLength) {
>     // error
> }
>
> > 2. As above but alphanumeric with spaces etc. for say ADDRESS1 ADDRESS2
> > POSTCODE, etc.
>
> Hmm.. isn't that what you wanted for your previous problem?

The previous question was for alpha only, no numeric ...names don't have
numbers, but addresses usually do.

> > 3. Validate DATE/TIME input to DD-MM-YYYY HH:MM:SS or D-M-YYYY H:M:S, or
> > any combination, but only allow valid dates and times, or as close to it
> > as possible.
>
> You should pick a format, and stick to it, then form a function around the
> format you've chosen - or look up some classes available for use on the net.
> Since you're storing the data in a MySQL database, you may as well check the
> date in the format it's stored in your db in the date (YYYY-MM-DD) or
> datetime (YYYY-MM-DD HH:MM:SS) formats MySQL uses.... I would go for select
> boxes with the day, month and year specified, then use something like
> checkdate() to check the date.... on these variables, then "merge" them
> (can't think of a better word) to form your date - i.e.
>
> if (checkdate($month, $day, $year)) {
>     // -- if ok,
>     $date = $year . "-" . $month . "-" . $day;
> } else {
>     // failure
> }
>
> I have formed some functions that I've made available (somewhere), if you
> need them I can probably drag them out and give you the urls.

I'd got kinda mixed up there on the date thing...lol. I have a javascript
date picker thingy, but unfortunately it drops leading zeros on the dates and
times. I think, however, your suggestion of pulldowns is much safer, but the
date will be for MySQL or MS Access. I think YYYY-MM-DD HH:MM:SS, as you
suggested, would be the answer, and I'll try to add the time into the $date
variable.

> > 4. Validate MONEY input...numeric with 2 decimal places only.
>
> What currency? You're using a UK email address, but you've specified
> "STATE" in one of your other regex "wanteds", which is more typical of the
> US address format.

The currency is irrelevant here (although it will be UK£). I just want the 2
decimal places money format. I have STATE above because that's what the field
is in the database....On display it says state/county.

> > Also, what is the best way to allow some fields to be empty, like
> > ADDRESS2, but if they have data, then validate it.
>
> if (!empty($field)) {
>     // perform validation.
> }
>
> ???
>
> > I've tried several times to do these myself using eregi, but when I test
> > it, the validation fails in some way...I'm shooting in the dark tho, and
> > don't really understand regex just yet, or probably the majority of PHP
> > for that matter.
>
> Well, ok. But that's what you're here for, right? :)

True....thanks!!

> > Thankfully I've got an email one... it was easy to find, since that's
> > what all examples are geared for. My application is for updating a DB
> > with SQL, and I can't find anything suitable.
>
> Then you're looking in the wrong places (and more specifically, looking at
> things from the wrong perspective - regex's can be applied to pretty much
> anything (though, there are occasions when using them is overkill))!
>
> > If there is any other advice for data input into DB's regarding security,
> > I'd really like to hear it.
>
> bvr's advice is good - read up on what he's suggested. :) Oh, and there are
> the manual entries (for which I've forgotten the addresses).
>
> Good luck!
>
> ~James

Thanks again James!

Simon H

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
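
The four checks asked about in this thread (alpha text, alphanumeric text, date/time, money, plus optional fields), sketched as an added example that is not code from either poster. The function names, length limits and sample form values are assumptions; it rejects bad input instead of stripping characters.

```php
<?php
// Added example; function names, limits and the sample form are assumptions.

// Whitelist check for alpha (NAME, CITY) or alphanumeric (ADDRESS1) text with
// spaces. \A and \z anchor the whole string; "$" would allow a trailing newline.
function validText(string $s, int $max, bool $allowDigits): bool {
    $class = $allowDigits ? 'a-zA-Z0-9 ' : 'a-zA-Z ';
    $s = trim($s);
    return $s !== '' && strlen($s) <= $max
        && preg_match('/\A[' . $class . ']+\z/', $s) === 1;
}

// Accepts D-M-YYYY H:M:S with or without leading zeros and returns the
// zero-padded MySQL DATETIME string, or null when the date or time is invalid.
function toMysqlDatetime(string $s): ?string {
    $re = '/\A(\d{1,2})-(\d{1,2})-(\d{4}) (\d{1,2}):(\d{1,2}):(\d{1,2})\z/';
    if (preg_match($re, trim($s), $m) !== 1) {
        return null;
    }
    [, $d, $mo, $y, $h, $mi, $sec] = array_map('intval', $m);
    if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $sec > 59) {
        return null;
    }
    return sprintf('%04d-%02d-%02d %02d:%02d:%02d', $y, $mo, $d, $h, $mi, $sec);
}

// Money: digits, a dot, exactly two decimals.
function validMoney(string $s): bool {
    return preg_match('/\A\d{1,9}\.\d{2}\z/', trim($s)) === 1;
}

// Optional field: blank passes, anything else must pass $check.
// Compared with '' because empty("0") is true in PHP.
function validOptional(string $s, callable $check): bool {
    return trim($s) === '' || $check($s);
}

// Constructed sample submission.
$form = ['name' => 'Simon H', 'address1' => '12 High Street', 'address2' => '',
         'when' => '5-1-2002 9:3:7', 'price' => '19.99'];
$isAddress = fn(string $s): bool => validText($s, 60, true);
$errors = [];
if (!validText($form['name'], 40, false)) { $errors[] = 'name'; }
if (!$isAddress($form['address1'])) { $errors[] = 'address1'; }
if (!validOptional($form['address2'], $isAddress)) { $errors[] = 'address2'; }
if (!validMoney($form['price'])) { $errors[] = 'price'; }
$when = toMysqlDatetime($form['when']);
if ($when === null) { $errors[] = 'when'; }
echo $errors ? 'Invalid: ' . implode(', ', $errors) : "OK, datetime = $when", "\n";
```

Validation like this narrows what reaches the database; the accepted values should still be passed to the INSERT/UPDATE as bound parameters rather than concatenated into the SQL string.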