Re: [PHP-DB] Forms : Validating user input is integer
Manuel, Manuel Lemos [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... | Hello boclair, | | On 05-Apr-01 01:58:24, you wrote: | | I have a problem with a user input in a form required to be an | integer, creating a variable for a mysql query. | | I have instances where integer, 0, is being typed as letter,o. | | You may want to try this PHP form generation and validation class that does | exactly what you need and more. | | http://phpclasses.UpperDesign.com/browse.html/package/1 | | | It does both client and server side validation. For the client side it | uses the isNaN(parseInt(value)) Javascript functions. For the server side | it uses the strcmp($value,strval(intval($value))) PHP functions . | | | Regards, | Manuel Lemos | | Web Programming Components using PHP Classes. | Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED] | -- | E-mail: [EMAIL PROTECTED] | URL: http://www.mlemos.e-na.net/ | PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp I downloaded the files and am studying them. Certainly comprehensive. Many thanks Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
Hello boclair, On 05-Apr-01 01:58:24, you wrote: I have a problem with a user input in a form required to be an integer, creating a variable for a mysql query. I have instances where integer, 0, is being typed as letter,o. The last discussion of validating the input was http://marc.theaimsgroup.com/?l=php-dbm=97207172003983w=2 There it was suggested that the only way to validate the input was using javascript. I have a case where clients have disabled javascript. I tried fiddling with is_int($input) but of cause it does not serve this purpose. Does anybody know if such validation can be done server side or definitely must be done client side? You may want to try this PHP form generation and validation class that does exactly what you need and more. http://phpclasses.UpperDesign.com/browse.html/package/1 It does both client and server side validation. For the client side it uses the isNaN(parseInt(value)) Javascript functions. For the server side it uses the strcmp($value,strval(intval($value))) PHP functions . Regards, Manuel Lemos Web Programming Components using PHP Classes. Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED] -- E-mail: [EMAIL PROTECTED] URL: http://www.mlemos.e-na.net/ PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp -- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] RE : [PHP-DB] Forms : Validating user input as integer
Manuel, Manuel Lemos [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... | Hello boclair, | | On 05-Apr-01 01:58:24, you wrote: | | I have a problem with a user input in a form required to be an | integer, creating a variable for a mysql query. | | I have instances where integer, 0, is being typed as letter,o. | | You may want to try this PHP form generation and validation class that does | exactly what you need and more. | | http://phpclasses.UpperDesign.com/browse.html/package/1 | | | It does both client and server side validation. For the client side it | uses the isNaN(parseInt(value)) Javascript functions. For the server side | it uses the strcmp($value,strval(intval($value))) PHP functions . | | | Regards, | Manuel Lemos | | Web Programming Components using PHP Classes. | Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED] | -- | E-mail: [EMAIL PROTECTED] | URL: http://www.mlemos.e-na.net/ | PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp I downloaded the files and am studying them. Certainly comprehensive. Many thanks Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
Thanks Steve, It is not my choice re javascript in this case I have tried to use the functions is_int($input_var) and is_integer($input_var) and the !versions as you suggest but with failures. Example 1_ if ((@!$submit) || (!is_int($input_var)) ) { echo "error"; include "get_id.php"; } else { _Example 2_ if ((@!$submit)) { echo "error"; include "get_id.php"; } elseif (is_int($num)) { _ There were no problems before attempting validation with is_int() and is_integer(). The integer validation was being with a javascript and the creation of the variable was OK. Further advise appreciated. Tim - Original Message - From: Steve Farmer [EMAIL PROTECTED] To: boclair [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, April 05, 2001 3:23 PM Subject: Re: [PHP-DB] Forms : Validating user input is integer Hi tim, most certainly it can be done on the server side, it juts requires a round trip to the server is all i think it is .. if(!isinteger($input_var)): (check the exact function in the php manual) echo "this is an error (or whatever), press here to go back and correct your inpout"; exit; /* stops the script executing */ endif; HTH Steve At 3:05 PM +1000 5/4/01, boclair wrote: I have a problem with a user input in a form required to be an integer, creating a variable for a mysql query. I have instances where integer, 0, is being typed as letter,o. The last discussion of validating the input was http://marc.theaimsgroup.com/?l=php-dbm=97207172003983w=2 There it was suggested that the only way to validate the input was using javascript. I have a case where clients have disabled javascript. I tried fiddling with is_int($input) but of cause it does not serve this purpose. Does anybody know if such validation can be done server side or definitely must be done client side? Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- --- "Minds are like parachutes, they work best when open" Support free speech; visit http://www.efa.org.au/ Heads Together Systems Pty Ltd http://www.hts.com.au Email: [EMAIL PROTECTED] Tel: 612 9982 6767 Fax: 612 9981 3081 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
- Original Message - From: Matt Williams [EMAIL PROTECTED] To: boclair [EMAIL PROTECTED] Sent: Thursday, April 05, 2001 9:03 PM Subject: RE: [PHP-DB] Forms : Validating user input is integer To gain the full benefit of your suggestion I find that I can validate for a wrong entry containing a mix alphabetical and numerical characters by altering the elseif line to read elseif (!eregi("[0-9]",$num) || eregi("[a-z]",$num)) Agreed? yes and no. I've done a lot of testing for this and using just the first one has never let any values of $num through unles they've contained only numbers. AFAIK (!eregi("[0-9]",$num) should always return false or 0 or whatever it is unless it contains only numbers. When I used only elseif (!eregi("[0-9]",$num) { } an input 2i passed the variable 2 You could also use [^a-zA-Z] for letters you don't want. so maybe something like (!eregi("([0-9]||[^a-zA-Z])",$num)) not tried so don't rely on that. xx correcting some typos this does the job elegantly. Should read elseif (!eregi(("[0-9]" || "[^a-zA-Z]"),$num)){ } xx Check out the phpbuilder.com regexp tutorial, I find it a good resource http://www.phpbuilder.com/columns/dario19990616.php3 Have read it and got confused. Will re-read it with my eyes open. Thanks for holding my hand. Tim -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
"boclair" [EMAIL PROTECTED] wrote in message 004801c0bdc7$13afbe00$[EMAIL PROTECTED]">news:004801c0bdc7$13afbe00$[EMAIL PROTECTED]... | | - Original Message - | From: Matt Williams [EMAIL PROTECTED] | To: boclair [EMAIL PROTECTED] | Sent: Thursday, April 05, 2001 9:03 PM | Subject: RE: [PHP-DB] Forms : Validating user input is integer | | | | To gain the full benefit of your suggestion I find that I can | validate | for a wrong entry containing a mix alphabetical and numerical | characters by altering the elseif line to read | | elseif (!eregi("[0-9]",$num) || eregi("[a-z]",$num)) | | Agreed? | | | yes and no. | | I've done a lot of testing for this and using just the first one has | never | let any values of $num through unles they've contained only numbers. | AFAIK (!eregi("[0-9]",$num) should always return false or 0 or | whatever it | is unless it contains only numbers. | | | When I used only elseif (!eregi("[0-9]",$num) { } | an input 2i passed the variable 2 | | | You could also use [^a-zA-Z] for letters you don't want. | so maybe something like (!eregi("([0-9]||[^a-zA-Z])",$num)) | not tried so don't rely on that. | | xx | correcting some typos this does the job elegantly. Should read | | elseif (!eregi(("[0-9]" || "[^a-zA-Z]"),$num)){ } | xx or even just elseif (!eregi("[^a-zA-Z]"),$num)) { } Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Forms : Validating user input is integer
or even just elseif (!eregi("[^a-zA-Z]"),$num)) { } But that would not stop other characters. M@ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
"Matt Williams" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... | | or even just | elseif (!eregi("[^a-zA-Z]"),$num)) { } | | But that would not stop other characters. | | M@ Whoops! Careless of me. The line should read, and as I tested it, elseif (eregi("[a-zA-Z]",$num)) { } Do you see any problem with this? I have tried with every type and mix of input that I can think of and was successful in denying all but digit inputs, but I have little confidence in what I am doing. With your examples I am at least coming to some understanding of Dario Gomes article on PHPBuilder. Tim -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Forms : Validating user input is integer
Whoops! Careless of me. The line should read, and as I tested it, elseif (eregi("[a-zA-Z]",$num)) { } Do you see any problem with this? Yes, same thing it will accept other character like !*- etc... try if(!eregi("^[0-9]+[0-9]*$",$num) { //error } M@ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
- Original Message - From: Matt Williams [EMAIL PROTECTED] To: Boclair [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, April 05, 2001 11:28 PM Subject: RE: [PHP-DB] Forms : Validating user input is integer The line should read, and as I tested it, elseif (eregi("[a-zA-Z]",$num)) { } Do you see any problem with this? Yes, same thing it will accept other character like !*- etc... try if(!eregi("^[0-9]+[0-9]*$",$num) file://error } You are right again. Stops all further processing of the inserted variable if it is not entirely composed of digits. It did not cross my mind to check for ! (shift 1) and similar entry errors. Once again, thanks. Tim So here is the final working script ? if ((@!$submit) || empty($num) ) { echo "div align='center'span class='note'No entry was made/span/div"; include "get_id.php"; } if(!eregi("^[0-9]+[0-9]*$",$num)) { echo "div align='center'span class='note'The ID should have been a number./span/div"; include "get_id.php"; } else { include "do_form.php"; } ? Tim -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
"boclair" [EMAIL PROTECTED] wrote in message 002101c0bd8e$30742e60$[EMAIL PROTECTED]">news:002101c0bd8e$30742e60$[EMAIL PROTECTED]... | I have a problem with a user input in a form required to be an | integer, creating a variable for a mysql query. | | I have instances where integer, 0, is being typed as letter,o. | Does anybody know if such validation can be done server side or | definitely must be done client side? Brad S Jackson replied suggesting that the php function preg_match() should be used for this type of server side validation. ^^ Brad, - Original Message - From: Brad S. Jackson [EMAIL PROTECTED] To: boclair [EMAIL PROTECTED] Sent: Thursday, April 05, 2001 11:54 PM Subject: Re: [PHP-DB] Forms : Validating user input is integer This is probably the most efficient way to check. The preg functions are faster than the ereg functions so I never use ereg. I think server side validation is required and client side is optional. if(preg_match("/^[0-9]+$/", $var)) echo "Valid"; else echo "Invalid"; There you go. Does the same job as Matt William's eregi() I am getting invaluable lessons on this stuff, which I never understood before. Using the php preg_match() function the tested script is _ ? if ((@!$submit) || empty($num) ) { echo "div align='center'span class='note'No entry was made/span/div"; include "get_id.php"; } if(preg_match("/^[0-9]+$/", $num)) { include "do_form.php"; } else { echo "div align='center'span class='note'The ID should have been a number./span/div"; include "get_id.php"; } ? ___ Many thanks ^^^ Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Forms : Validating user input is integer
Ben Udall [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... | boclair wrote: | I have a problem with a user input in a form required to be an | integer, creating a variable for a mysql query. | | I have instances where integer, 0, is being typed as letter,o. | Does anybody know if such validation can be done server side or | definitely must be done client side? | | A basic client-server rule is to never trust the client. You should be | doing all validation on the server side. Client side validation is a | nice feature, but should be in addition to the sever side checking and | never required. | | Here's the quickest way I know to validate an integer in php: | | if (ereg("^[0-9]+$", $input)) | { |// $input is a valid non-negative integer | } | | or, if negative numbers are valid, use could use this one: | | if (ereg("^-?[0-9]+$", $input)) | { |// $input is a valid integer | } Once again, thanks. This validates for an all digit variable. In this case the tested script reads ? if ((@!$submit) || empty($num) ) { echo "div align='center'span class='note'No entry was made/span/div"; include "get_id.php"; } if (ereg("^[0-9]+$", $input)) { include "do_form.php"; } else { echo "div align='center'span class='note'The ID should have been a number./span/div"; include "get_id.php"; } ? Will I ever get on the ball and stay there Tim Morris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]