Re: [PHP-DB] Forms : Validating user input is integer

2001-04-08 Thread Boclair

Manuel,

Manuel Lemos [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
| Hello boclair,
|
| On 05-Apr-01 01:58:24, you wrote:
|
| I have a problem with a user input in a form required to be an
| integer, creating a variable for a mysql query.
|
| I have instances where integer, 0, is being typed as letter,o.
|
| You may want to try this PHP form generation and validation class
that does
| exactly what you need and more.
|
| http://phpclasses.UpperDesign.com/browse.html/package/1
|
|
| It does both client and server side validation.  For the client side
it
| uses the isNaN(parseInt(value)) Javascript functions.  For the
server side
| it uses the strcmp($value,strval(intval($value))) PHP functions .
|
|
| Regards,
| Manuel Lemos
|
| Web Programming Components using PHP Classes.
| Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
| --
| E-mail: [EMAIL PROTECTED]
| URL: http://www.mlemos.e-na.net/
| PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp

I downloaded the files and am studying them.

Certainly comprehensive.

Many thanks

Tim Morris


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-07 Thread Manuel Lemos

Hello boclair,

On 05-Apr-01 01:58:24, you wrote:

I have a problem with a user input in a form required to be an
integer, creating a variable for a mysql query.

I have instances where integer, 0, is being typed as letter,o.

The last discussion of validating the input was
http://marc.theaimsgroup.com/?l=php-dbm=97207172003983w=2

There it was suggested that the only way to validate the input was
using javascript.  I have a case where clients have disabled
javascript.

I tried fiddling with is_int($input) but of cause it does not serve
this purpose.

Does anybody know if such validation can be done server side or
definitely must be done client side?

You may want to try this PHP form generation and validation class that does
exactly what you need and more.

http://phpclasses.UpperDesign.com/browse.html/package/1


It does both client and server side validation.  For the client side it
uses the isNaN(parseInt(value)) Javascript functions.  For the server side
it uses the strcmp($value,strval(intval($value))) PHP functions .


Regards,
Manuel Lemos

Web Programming Components using PHP Classes.
Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
--
E-mail: [EMAIL PROTECTED]
URL: http://www.mlemos.e-na.net/
PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
--


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP-DB] RE : [PHP-DB] Forms : Validating user input as integer

2001-04-07 Thread boclair

Manuel,

Manuel Lemos [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
| Hello boclair,
|
| On 05-Apr-01 01:58:24, you wrote:
|
| I have a problem with a user input in a form required to be an
| integer, creating a variable for a mysql query.
|
| I have instances where integer, 0, is being typed as letter,o.
|
| You may want to try this PHP form generation and validation class
that does
| exactly what you need and more.
|
| http://phpclasses.UpperDesign.com/browse.html/package/1
|
|
| It does both client and server side validation.  For the client side
it
| uses the isNaN(parseInt(value)) Javascript functions.  For the
server side
| it uses the strcmp($value,strval(intval($value))) PHP functions .
|
|
| Regards,
| Manuel Lemos
|
| Web Programming Components using PHP Classes.
| Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
| --
| E-mail: [EMAIL PROTECTED]
| URL: http://www.mlemos.e-na.net/
| PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp

I downloaded the files and am studying them.

Certainly comprehensive.

Many thanks

Tim Morris


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread boclair

Thanks Steve,

It is not my choice re javascript in this case

I have tried to use the functions is_int($input_var) and
is_integer($input_var)  and the !versions as you suggest but with
failures.

Example 1_

if ((@!$submit) || (!is_int($input_var)) )
  {
   echo "error";
   include "get_id.php";
   }

else {


_Example 2_

if ((@!$submit))
  {
   echo "error";
   include "get_id.php";
   }

elseif (is_int($num)) {
_

There were no problems before attempting validation with is_int() and
is_integer().  The integer validation was being with a javascript and
the creation of the variable was OK.

Further advise appreciated.

Tim




- Original Message -
From: Steve Farmer [EMAIL PROTECTED]
To: boclair [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, April 05, 2001 3:23 PM
Subject: Re: [PHP-DB] Forms : Validating user input is integer


 Hi tim,

 most certainly it can be done on the server side, it juts requires a
 round trip to the server is all

 i think it is ..

 if(!isinteger($input_var)): (check the exact function in the php
manual)
   echo "this is an error (or whatever), press here to go back and
 correct your inpout";
 exit; /* stops the script executing */
 endif;

 HTH
 Steve

 At 3:05 PM +1000 5/4/01, boclair wrote:
 I have a problem with a user input in a form required to be an
 integer, creating a variable for a mysql query.
 
 I have instances where integer, 0, is being typed as letter,o.
 
 The last discussion of validating the input was
 http://marc.theaimsgroup.com/?l=php-dbm=97207172003983w=2
 
 There it was suggested that the only way to validate the input was
 using javascript.  I have a case where clients have disabled
 javascript.
 
 I tried fiddling with is_int($input) but of cause it does not serve
 this purpose.
 
 Does anybody know if such validation can be done server side or
 definitely must be done client side?
 
 Tim Morris
 
 
 
 
 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail:
[EMAIL PROTECTED]

 --
 ---
 "Minds are like parachutes, they work best when open"
 Support free speech; visit http://www.efa.org.au/

 Heads Together Systems Pty Ltd http://www.hts.com.au
 Email: [EMAIL PROTECTED] Tel: 612 9982 6767 Fax: 612 9981 3081

 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail:
[EMAIL PROTECTED]




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread boclair


- Original Message -
From: Matt Williams [EMAIL PROTECTED]
To: boclair [EMAIL PROTECTED]
Sent: Thursday, April 05, 2001 9:03 PM
Subject: RE: [PHP-DB] Forms : Validating user input is integer



  To gain the full benefit of your suggestion I find that I can
validate
  for a wrong entry containing  a mix alphabetical and numerical
  characters  by altering the elseif line to read
 
  elseif (!eregi("[0-9]",$num) || eregi("[a-z]",$num))
 
  Agreed?
 

  yes and no.

 I've done a lot of testing for this and using just the first one has
never
 let any values of $num through unles they've contained only numbers.
 AFAIK (!eregi("[0-9]",$num) should always return false or 0 or
whatever it
 is unless it contains only numbers.


When I used  only  elseif (!eregi("[0-9]",$num) { }
an input 2i passed the variable 2


 You could also use [^a-zA-Z] for letters you don't want.
 so maybe something like  (!eregi("([0-9]||[^a-zA-Z])",$num))
 not tried so don't rely on that.

xx
correcting some typos this does the job elegantly.  Should read

elseif (!eregi(("[0-9]" || "[^a-zA-Z]"),$num)){  }
xx

 Check out the phpbuilder.com regexp tutorial, I find it a good
resource
 http://www.phpbuilder.com/columns/dario19990616.php3

Have read it and got confused.  Will re-read it with my eyes open.

Thanks for holding my hand.

Tim



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Boclair


"boclair" [EMAIL PROTECTED] wrote in message
004801c0bdc7$13afbe00$[EMAIL PROTECTED]">news:004801c0bdc7$13afbe00$[EMAIL PROTECTED]...
|
| - Original Message -
| From: Matt Williams [EMAIL PROTECTED]
| To: boclair [EMAIL PROTECTED]
| Sent: Thursday, April 05, 2001 9:03 PM
| Subject: RE: [PHP-DB] Forms : Validating user input is integer
|
|
| 
|   To gain the full benefit of your suggestion I find that I can
| validate
|   for a wrong entry containing  a mix alphabetical and numerical
|   characters  by altering the elseif line to read
|  
|   elseif (!eregi("[0-9]",$num) || eregi("[a-z]",$num))
|  
|   Agreed?
|  
| 
|   yes and no.
| 
|  I've done a lot of testing for this and using just the first one
has
| never
|  let any values of $num through unles they've contained only
numbers.
|  AFAIK (!eregi("[0-9]",$num) should always return false or 0 or
| whatever it
|  is unless it contains only numbers.
|
| 
| When I used  only  elseif (!eregi("[0-9]",$num) { }
| an input 2i passed the variable 2
| 
|
|  You could also use [^a-zA-Z] for letters you don't want.
|  so maybe something like  (!eregi("([0-9]||[^a-zA-Z])",$num))
|  not tried so don't rely on that.
|
| xx
| correcting some typos this does the job elegantly.  Should read
|
| elseif (!eregi(("[0-9]" || "[^a-zA-Z]"),$num)){  }
| xx

or even just
elseif  (!eregi("[^a-zA-Z]"),$num)) { }


Tim Morris



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Matt Williams


 or even just
 elseif  (!eregi("[^a-zA-Z]"),$num)) { }

But that would not stop other characters.

M@

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Boclair


"Matt Williams" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
|
|  or even just
|  elseif  (!eregi("[^a-zA-Z]"),$num)) { }
|
| But that would not stop other characters.
|
| M@


Whoops!  Careless of me.  The line should read, and as I tested it,

elseif (eregi("[a-zA-Z]",$num)) { }

Do you see any problem with this?

I have tried with every type and mix of input that I can think of and
was successful in denying all but digit inputs, but I have little
confidence in what I am doing.  With your examples I am at least
coming to some understanding of Dario Gomes article on PHPBuilder.


Tim




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Matt Williams


 Whoops!  Careless of me.  The line should read, and as I tested it,
 
 elseif (eregi("[a-zA-Z]",$num)) { }
 
 Do you see any problem with this?

Yes, same thing it will accept other character like !*- etc...

try

if(!eregi("^[0-9]+[0-9]*$",$num)
{   
  //error
}

M@

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread boclair


- Original Message -
From: Matt Williams [EMAIL PROTECTED]
To: Boclair [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, April 05, 2001 11:28 PM
Subject: RE: [PHP-DB] Forms : Validating user input is integer


The line should read, and as I tested it,
 
  elseif (eregi("[a-zA-Z]",$num)) { }
 
  Do you see any problem with this?

 Yes, same thing it will accept other character like !*- etc...

 try

 if(!eregi("^[0-9]+[0-9]*$",$num)


   file://error
 }


You are right again.  Stops all further processing of the inserted
variable if it is not entirely composed of digits.

It did  not cross my mind to check for ! (shift 1) and similar entry
errors.

Once again, thanks.

Tim

So here is the final working script

?
if ((@!$submit) || empty($num) )
 {
 echo "div align='center'span class='note'No entry was
made/span/div";
include "get_id.php";
 }
if(!eregi("^[0-9]+[0-9]*$",$num))
 {
  echo "div align='center'span class='note'The ID should have
been a  number./span/div";
  include "get_id.php";
}
else
{
   include "do_form.php";
 }
?


Tim


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Boclair


"boclair" [EMAIL PROTECTED] wrote in message
002101c0bd8e$30742e60$[EMAIL PROTECTED]">news:002101c0bd8e$30742e60$[EMAIL PROTECTED]...
| I have a problem with a user input in a form required to be an
| integer, creating a variable for a mysql query.
|
| I have instances where integer, 0, is being typed as letter,o.
| Does anybody know if such validation can be done server side or
| definitely must be done client side?

Brad S Jackson replied suggesting that the php function preg_match()
should be used for this type of server side validation.

^^
Brad,

- Original Message -
From: Brad S. Jackson [EMAIL PROTECTED]
To: boclair [EMAIL PROTECTED]
Sent: Thursday, April 05, 2001 11:54 PM
Subject: Re: [PHP-DB] Forms : Validating user input is integer




 This is probably the most efficient way to check.  The preg
functions are faster
 than the ereg functions so I never use ereg.  I think server side
validation is
 required and client side is optional.

 if(preg_match("/^[0-9]+$/", $var))
echo "Valid";
 else
echo "Invalid";

There you go.  Does the same job as Matt William's  eregi()

I am getting invaluable lessons on this stuff, which I never
understood before.

Using the php preg_match() function the tested script is
_
?
if ((@!$submit) || empty($num) )
 {
   echo "div align='center'span class='note'No entry was
made/span/div";
include "get_id.php";
 }
if(preg_match("/^[0-9]+$/", $num))
 {
   include "do_form.php";
   }
else
   {
   echo "div align='center'span class='note'The ID should have
been a number./span/div";
include "get_id.php";
 }
?
___

Many thanks
^^^
Tim Morris





-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DB] Forms : Validating user input is integer

2001-04-05 Thread Boclair


Ben Udall [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
| boclair wrote:
|  I have a problem with a user input in a form required to be an
|  integer, creating a variable for a mysql query.
| 
|  I have instances where integer, 0, is being typed as letter,o.
|  Does anybody know if such validation can be done server side or
|  definitely must be done client side?
|
| A basic client-server rule is to never trust the client.  You should
be
| doing all validation on the server side.  Client side validation is
a
| nice feature, but should be in addition to the sever side checking
and
| never required.
|
| Here's the quickest way I know to validate an integer in php:
|
| if (ereg("^[0-9]+$", $input))
| {
|// $input is a valid non-negative integer
| }
|
| or, if negative numbers are valid, use could use this one:
|
| if (ereg("^-?[0-9]+$", $input))
| {
|// $input is a valid integer
| }


Once again, thanks.  This validates for an all digit variable.  In
this case the tested script reads

?
if ((@!$submit) || empty($num) )
 {
   echo "div align='center'span class='note'No entry was
made/span/div";
include "get_id.php";
 }
if (ereg("^[0-9]+$", $input))
 {
   include "do_form.php";
   }
else
   {
   echo "div align='center'span class='note'The ID should have
been a number./span/div";
include "get_id.php";
 }
?

Will I ever get on the ball and stay there

Tim Morris




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]