php-general Digest 12 Nov 2009 17:01:36 -0000 Issue 6439
Topics (messages 299780 through 299784):
Re: Form Validation filter - Regex Q
299780 by: Manuel Lemos
299781 by: Nisse Engström
299783 by: Al
Need suggestions on PHP frameworks
299782 by: Dhanushka Samarakoon
299784 by: Nathan Rixham
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Hello,
on 11/10/2009 03:34 PM Haig Davis said the following:
> I've been figthing with this little problem for two days now, so far no luck
> with google and am beginning to question my own sanity.
>
> I have a application that has over one hundred forms some quite lengthy so
> what I'm trying to achieve rather than writing a bunch of individual
> sanitize statements then form validation statemenst that I could run $_POST
> through a foreach loop and filter the values by form class i.e.is it an
> emaill addreess or simply a text block with letters and numbers. The regex's
> alone work fine as does the foreach loop the only issue I have is the IF
> statement comparing $key to expected varieable names.
I am not a big fan of filtering. If the form has invalid data, do not
accept it, just show the form again to the user and make it fix it. He
may have made a mistake and if you fix his mistakes, you may be doing it
incorrectly.
What I suggest is to present the form again to the user denoting invalid
fields.
You may want to watch this tutorial video on this subject:
http://www.phpclasses.org/browse/video/1/package/1/section/usage.html
Other than that, doing all validation by hand is painful. You may want
to try this forms generation and validation package that performs all
the necessary types of validation on the server side in PHP and on
browser side using Javascript generated by the class within your form
template.
http://www.phpclasses.org/formsgeneration
Take a look here for a live example:
http://www.meta-language.net/forms-examples.html?example=test_form
If you have many forms for CRUD (Create, Retrieve, Update and Delete)
operations, you may want to also use this plug-in that automates the
generation of tha types of forms so you can do it in a fraction of your
time.
http://www.meta-language.net/forms-examples.html?example=test_scaffolding_input
--
Regards,
Manuel Lemos
Find and post PHP jobs
http://www.phpclasses.org/jobs/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
On Tue, 10 Nov 2009 09:34:52 -0800, Haig Davis wrote:
> foreach($_POST as $keyTemp => $valueTemp){
> $key = mysqlclean($keyTemp);
> $value = mysqlclean($valueTemp);
Mysql and form validation are totally unrelated.
In my mind, this seems spectacularly misguided.
> if($key = ("$customerServiceEmail") || ("$billingEmail")){
>
> if(preg_match("/^([a-za-z0-9._%...@[a-za-z0-9.-]+\.[a-za-z]{2,4})*$/",
> $value)){
Just as almost every other email validation regexp
I have seen, this has a few imperfections:
* It does not allow some valid email addresses ([email protected])
* It does not allow some valid domains (*.museum)
* It allows invalid email addresses ([email protected])
* It allows invalid domains (example..com)
> $style = "yellow";
> $formMsg = "Invalid Characters";
> $bad = $key;
Personally, I'd put the invalid keys in an array and
mark all the problematic fields at once.
/Nisse
--- End Message ---
--- Begin Message ---
Haig Davis wrote:
Morning All,
I've been figthing with this little problem for two days now, so far no luck
with google and am beginning to question my own sanity.
I have a application that has over one hundred forms some quite lengthy so
what I'm trying to achieve rather than writing a bunch of individual
sanitize statements then form validation statemenst that I could run $_POST
through a foreach loop and filter the values by form class i.e.is it an
emaill addreess or simply a text block with letters and numbers. The regex's
alone work fine as does the foreach loop the only issue I have is the IF
statement comparing $key to expected varieable names.
Heres the bit of code envolved.
if(isset($_POST['submit'])){
foreach($_POST as $keyTemp => $valueTemp){
$key = mysqlclean($keyTemp);
$value = mysqlclean($valueTemp);
$$key = $key;
$$key = $value;
if($key != ("$customerServiceEmail") || ("$billingEmail") ||
("$website")){
if(preg_match("/[^a-zA-Z0-9\s]/", $value)){
$style = "yellow";
$formMsg = "Invalid Characters";
$bad = $key;
}
}
if($key = ("$customerServiceEmail") || ("$billingEmail")){
if(preg_match("/^([a-za-z0-9._%...@[a-za-z0-9.-]+\.[a-za-z]{2,4})*$/",
$value)){
$style = "yellow";
$formMsg = "Invalid Characters";
$bad = $key;
}
}
}
}
Thanks for taking a peek.
Haig
Sorry about the misreading your request, earlier.
Here is a function that I use.
function checkEmailAddr($emailAddr)
{
if(empty($emailAddr))
{
throw new Exception("No email address provided");
}
if(!preg_match("%...@%", $emailAddr))
{
throw new Exception("Email address missing mailbox name, or syntax is
wrong. ");
}
if(!filter_var($emailAddr, FILTER_VALIDATE_EMAIL))
{
throw new Exception("Email address error. Syntax is wrong. ");
}
$domain = substr(strchr($emailAddr, '@'), 1);
if(!checkdnsrr($domain))
{
throw new Exception("Email address warning. Specified domain
\"$domain\" appears to be invalid. Check carefully.");
}
return true;
}
Use the function like this
try{
checkEmailAddr($userSubmitedDataArray[EMAIL_ADDR_FIELD]);
}
catch (Exception $e)
{
$userErrorMsg = $e->getMessage(); //Message text in check function
}
--- End Message ---
--- Begin Message ---
Hi,
I need to select a PHP framework for a small project about 20-25 pages (but
expected to grow in the future). I was looking at the comparison chart at
http://www.phpframeworks.com/.
After browsing through some forums seems like CodeIgniter is the popular
option. *** But I really like event driven capabilities in Prado and Yii.
*** Please give me your input on what you think the best framework is and
why.
Also I would like an IDE (preferably free) which support that framework and
gives syntax highlighting and auto completion not only to the framework but
using my own classes as well. Also it need to have debugging, call stack,
variable/object quick view analysis.
Thanks,
Dhanushka.
--- End Message ---
--- Begin Message ---
Dhanushka Samarakoon wrote:
> Hi,
>
> I need to select a PHP framework for a small project about 20-25 pages (but
> expected to grow in the future). I was looking at the comparison chart at
> http://www.phpframeworks.com/.
>
> After browsing through some forums seems like CodeIgniter is the popular
> option. *** But I really like event driven capabilities in Prado and Yii.
> *** Please give me your input on what you think the best framework is and
> why.
can't see anybody helping you here, you just need to try a couple that
fit your requirements and see which one(s) you prefer.
or use zend.
> Also I would like an IDE (preferably free) which support that framework and
> gives syntax highlighting and auto completion not only to the framework but
> using my own classes as well. Also it need to have debugging, call stack,
> variable/object quick view analysis.
>
searching the archives would be good; this question is asked almost
daily.. but PDT/eclipse, netbeans, aptana
--- End Message ---
