Hello, Simon....

"Simon H" wrote in message...
> I'm trying to validate an input form, for database INSERT/UPDATE. I'm
> looking for a couple of Techniques and I can't seem to find examples
> anywhere:
>
> 1. Validate Alpha Text with spaces, such as NAME, CITY, STATE, but limit the
> length of each one separately, and remove unwanted characters like
> '@!"£$%^&*() etc that might mess with the SQL.

Alright, clear up before you insert. That's my first bit of advice..... Here's a
function for you.

    function ClearUnwanteds($string)
    {
        // remove everything except letters, digits and spaces
        $string = preg_replace("/[^a-zA-Z0-9 ]/", "", $string);
        $string = trim($string);
        return $string;
    }

This will replace (when invoked, like this: $string = ClearUnwanteds($string) )
the characters you don't want, and then trim the string. Then you can do:

    $min_chars = 1; // enter minimum characters
    if (strlen($string) < $min_chars) {
        // error
    }

> 2. As above but alphanumeric with spaces etc. for say ADDRESS1 ADDRESS2
> POSTCODE, etc.

Hmm.. isn't that what you wanted for your previous problem?

> 3. Validate DATE/TIME input to DD-MM-YYYY HH:MM:SS or D-M-YYYY H:M:S, or any
> combination, but only allow valid dates and times, or as close to it as
> possible.

You should pick a format, and stick to it, then form a function around the
format you've chosen - or look up some classes available for use on the net.
Since you're storing the data in a MySQL database, you may as well check the
date in the format it's stored in your db in the date (YYYY-MM-DD) or datetime
(YYYY-MM-DD HH:MM:SS) formats MySQL uses.... I would go for select boxes with
the day, month and year specified, then use something like checkdate() to check
the date.... on these variables, then "merge" them (can't think of a better
word) to form your date - i.e.

    if (checkdate($month, $day, $year)) {
        // -- if ok,
        $date = $year . "-" . $month . "-" . $day;
    } else {
        // failure
    }

I have formed some functions that I've made available (somewhere), if you need
them I can probably drag them out and give you the urls.

> 4. Validate MONEY input...numeric with 2 decimal places only.

What currency? You're using a UK email address, but you've specified "STATE" in
one of your other regex "wanteds", which is more typical of the US address
format.

> Also, what is the best way to allow some fields to be empty, like ADDRESS2,
> but if they have data, then validate it.

    if (!empty($field)) {
        // perform validation.
    }

???

> I've tried several times to do these myself using eregi, but when I test it,
> the validation fails in some way...I'm shooting in the dark tho, and don't
> really understand regex just yet, or probably the majority of PHP for that
> matter.

Well, ok. But that's what you're here for, right? :)

> Thankfully I've got an email one... it was easy to find, since that's what
> all examples are geared for. My application is for updating a DB with SQL,
> and I can't find anything suitable.

Then you're looking in the wrong places (and more specifically, looking at
things from the wrong perspective - regexes can be applied to pretty much
anything (though, there are occasions when using them is overkill))!

> If there is any other advice for data input into DB's regarding security,
> I'd really like to hear it.

bvr's advice is good - read up on what he's suggested. :) Oh, and there are the
manual entries (for which I've forgotten the addresses).

Good luck!

~James

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
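
Added example, not part of the original message or of any code posted in the thread: one way to implement the four checks discussed above in PHP, rejecting bad input instead of stripping it as ClearUnwanteds() does. The function names, field names, length limits and sample form values are assumptions made for illustration.

```php
<?php
// Added example; all names, limits and sample values below are assumptions.

// Q1/Q2: letters (optionally digits) and spaces, with a per-field length limit.
// $optional lets a field such as ADDRESS2 be empty but still checks it if filled.
function validText(string $v, int $maxLen, bool $digits = false, bool $optional = false): bool
{
    $v = trim($v);
    if ($v === '') {
        return $optional;
    }
    $class = $digits ? 'a-zA-Z0-9 ' : 'a-zA-Z ';
    return preg_match('/\A[' . $class . ']{1,' . $maxLen . '}\z/', $v) === 1;
}

// Q3: accept DD-MM-YYYY HH:MM:SS or D-M-YYYY H:M:S, return MySQL datetime or null.
function toMysqlDatetime(string $v): ?string
{
    $re = '/\A(\d{1,2})-(\d{1,2})-(\d{4}) (\d{1,2}):(\d{1,2}):(\d{1,2})\z/';
    if (preg_match($re, trim($v), $m) !== 1) {
        return null;
    }
    [, $d, $mo, $y, $h, $mi, $s] = array_map('intval', $m);
    if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $s > 59) {
        return null;  // e.g. 31 February or 25:00:00
    }
    return sprintf('%04d-%02d-%02d %02d:%02d:%02d', $y, $mo, $d, $h, $mi, $s);
}

// Q4: digits, a dot, exactly two decimals (the 8-digit cap is an assumption).
function validMoney(string $v): bool
{
    return preg_match('/\A\d{1,8}\.\d{2}\z/', trim($v)) === 1;
}

// Constructed sample form submission.
$form = ['name' => "O'Brien; --", 'city' => 'London', 'address2' => '',
         'when' => '31-2-2002 10:5:0', 'price' => '12.5'];

$errors = [];
if (!validText($form['name'], 40))                 $errors[] = 'name';
if (!validText($form['city'], 30))                 $errors[] = 'city';
if (!validText($form['address2'], 60, true, true)) $errors[] = 'address2';
if (toMysqlDatetime($form['when']) === null)       $errors[] = 'when';
if (!validMoney($form['price']))                   $errors[] = 'price';

echo $errors ? 'Rejected: ' . implode(', ', $errors) : 'All fields valid', "\n";
```

Checks like these only constrain what gets stored; the values still need to be escaped or bound as query parameters when they reach the INSERT/UPDATE statement.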