Hi Drouet, I've been asking about this too and here's what I've been working
on.  It checks for letters, numbers, puncuation, and max and min length.  I
was told any of the puncation was safe as long as you addslashes before you
put it into the database.


function check_input($user_input, $min=0, $max=0, $text=false,
$number=false, $special=false)
{
  $pattern = "";
  if ($text) $pattern .= "a-zA-Z";
  if ($number) $pattern .= "0-9";
  if ($special) $pattern .=
'---[:space:]\~\!\[\]\`\@\#\$\%\^\&\*\(\)\_\+\-\=\\\\{\}\|\:\"\;\'\<\>
\?\,\.\/';

  $regexp = '/^['.$pattern.']*$/i';

  if( preg_match($regexp, $user_input) && strlen($user_input) <= $max &&
strlen($user_input) >= $min )
    echo "it passes";
  else
    echo "didn't pass";
}


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: April 24, 2002 3:49 AM
To: [EMAIL PROTECTED]
Subject: [PHP] validating user input



Hi the M.L.

I have to validate forms user inputs before the construction of my query to
my Oracle DB

Does anybody know the list of characters that should be rejected (for
example ;) ?

Do you have a function to validate it ?


regards
Laurent Drouet



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to