Re: [PHP] Validating user input
Try this: if (is_numeric($txt1) && (float)$txt1<24 && (strlen($txt1)-strpos($txt1,"."))<=3) { echo "True"; } else { echo "False"; }; Misha PHP Genie "Electroteque" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > is_numeric and strlen ? > > -Original Message- > From: Shaun [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 03, 2003 7:21 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Validating user input > > > Hi, > > I am creating a timesheet application, how can I make sure that a user has > entered a number, and that the number is a whole number or a decimal up to 2 > places, and that the number is less than 24? > > Thanks for your help > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating user input
On Tue, 2003-06-03 at 02:46, Sichta Daniel wrote: > Another way is to do it on client side (javascript) > > DS Indeed, but then you have to be prepared for it not to work if the user doesn't have js enabled. Torben > -Original Message- > From: Shaun [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 03, 2003 11:21 AM > To: [EMAIL PROTECTED] > Subject: [PHP] Validating user input > > > Hi, > > I am creating a timesheet application, how can I make sure that a user has > entered a number, and that the number is a whole number or a decimal up to 2 > places, and that the number is less than 24? > > Thanks for your help > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Torben Wilson <[EMAIL PROTECTED]>+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating user input
> -Original Message- > From: Shaun [mailto:[EMAIL PROTECTED] > Sent: 03 June 2003 10:21 > > I am creating a timesheet application, how can I make sure > that a user has > entered a number, and that the number is a whole number or a > decimal up to 2 > places, and that the number is less than 24? I'd probably do this with a regex plus a quick test for in-range values -- something like (untested): if ($number>0 && $number<24 && preg_match('^[0-9]{1-2}(\.[0-9]{1,2})?$', $number)) do_stuff; You could also tweak the regex to filter out out-of-range values and dispense with the range checks -- something like (again untested): if (preg_match('^(1?[0-9]|2[0-4])(\.[0-9]{1,2})?$', $number)) do_stuff; Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating user input
Another way is to do it on client side (javascript) DS -Original Message- From: Shaun [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 11:21 AM To: [EMAIL PROTECTED] Subject: [PHP] Validating user input Hi, I am creating a timesheet application, how can I make sure that a user has entered a number, and that the number is a whole number or a decimal up to 2 places, and that the number is less than 24? Thanks for your help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validating user input
Try this... I don't know if this will suit your needs but it'll give you an idea: 0 && $a < 24) { $time = number_format($a, 2, '.', ''); echo "Time: $time\n\n"; } else { echo "Invaild Time.\n\n"; } ?> Regards, John -- -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- John Coggeshall john at coggeshall dot org http://www.coggeshall.org/ -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating user input
is_numeric and strlen ? -Original Message- From: Shaun [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 7:21 PM To: [EMAIL PROTECTED] Subject: [PHP] Validating user input Hi, I am creating a timesheet application, how can I make sure that a user has entered a number, and that the number is a whole number or a decimal up to 2 places, and that the number is less than 24? Thanks for your help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] validating user input
Hi Drouet, I've been asking about this too and here's what I've been working on. It checks for letters, numbers, puncuation, and max and min length. I was told any of the puncation was safe as long as you addslashes before you put it into the database. function check_input($user_input, $min=0, $max=0, $text=false, $number=false, $special=false) { $pattern = ""; if ($text) $pattern .= "a-zA-Z"; if ($number) $pattern .= "0-9"; if ($special) $pattern .= 'À-ÖØ-öø-ÿ[:space:]\~\!\[\]\`\@\#\$\%\^\&\*\(\)\_\+\-\={\}\|\:\"\;\'\<\> \?\,\.\/'; $regexp = '/^['.$pattern.']*$/i'; if( preg_match($regexp, $user_input) && strlen($user_input) <= $max && strlen($user_input) >= $min ) echo "it passes"; else echo "didn't pass"; } -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: April 24, 2002 3:49 AM To: [EMAIL PROTECTED] Subject: [PHP] validating user input Hi the M.L. I have to validate forms user inputs before the construction of my query to my Oracle DB Does anybody know the list of characters that should be rejected (for example ;) ? Do you have a function to validate it ? regards Laurent Drouet -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating User Input
On Fri, 19 Apr 2002, SP wrote: > Now should I include all those special characters? I want it to be hack > proof so I don't want to add the user input into my database and have > something bad happen. > > Which ones are safe? > ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] \ { } | : " ; ' < > ? , . / All characters are safe for database use as long as they're handled properly. Basically that means escaping ' " and \ which should be taken care of automatically by addslashes (or by the abominable magic_quotes_gpc if you happen to have it on). Now, when you're dealing with path/file names and arguments to external programs, you need to be more careful... miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Validating User Input
Thanks Danny, that worked! Now should I include all those special characters? I want it to be hack proof so I don't want to add the user input into my database and have something bad happen. Which ones are safe? ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] \ { } | : " ; ' < > ? , . / -Original Message- From: Danny Shepherd [mailto:[EMAIL PROTECTED]] Sent: April 19, 2002 9:32 AM To: Php Subject: Re: [PHP] Validating User Input Hi, \?\,\. \/'; $regexp='^['.$pattern.']{'.$min.','.$max.'}$'; if (ereg($regexp,$user_input)) return $user_input; else return $default; } ?> That should take care of everything except the square brackets - not sure how to go about getting them (escaping them didn't seem to work). HTH Danny. - Original Message - From: "SP" <[EMAIL PROTECTED]> To: "Php" <[EMAIL PROTECTED]> Sent: Friday, April 19, 2002 1:57 PM Subject: [PHP] Validating User Input > I am trying to validate an user's input. I can get the ereg function to > work if I just type in the pattern I'm searching for but my problem is I > want to build the pattern through a variable first and then use that > variable in the ereg function. > > For example, I want to check an input that's only text and only between 5 to > 20 characters in length. Is this possible? > > function check_input($user_input, $min=0, $max=0, $text=false, > $number=false, $special=false, $default="") > { > if ($text) $pattern .= "a-zA-Z"; > if ($number) $pattern .= "0-9"; > if ($special) $pattern .= "[:space:]"; > > if (ereg("^[$pattern]{$min,$max}$", $user_input)) > return $user_input; > else > return $default; > } > > Also, which of the following special characters is considered safe to > accept? I am just allowing spaces now but would like as many of the below > characters to be included. > > ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] \ { } | : " ; ' < > ? , . / > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validating User Input
Hi, \?\,\. \/'; $regexp='^['.$pattern.']{'.$min.','.$max.'}$'; if (ereg($regexp,$user_input)) return $user_input; else return $default; } ?> That should take care of everything except the square brackets - not sure how to go about getting them (escaping them didn't seem to work). HTH Danny. - Original Message - From: "SP" <[EMAIL PROTECTED]> To: "Php" <[EMAIL PROTECTED]> Sent: Friday, April 19, 2002 1:57 PM Subject: [PHP] Validating User Input > I am trying to validate an user's input. I can get the ereg function to > work if I just type in the pattern I'm searching for but my problem is I > want to build the pattern through a variable first and then use that > variable in the ereg function. > > For example, I want to check an input that's only text and only between 5 to > 20 characters in length. Is this possible? > > function check_input($user_input, $min=0, $max=0, $text=false, > $number=false, $special=false, $default="") > { > if ($text) $pattern .= "a-zA-Z"; > if ($number) $pattern .= "0-9"; > if ($special) $pattern .= "[:space:]"; > > if (ereg("^[$pattern]{$min,$max}$", $user_input)) > return $user_input; > else > return $default; > } > > Also, which of the following special characters is considered safe to > accept? I am just allowing spaces now but would like as many of the below > characters to be included. > > ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] \ { } | : " ; ' < > ? , . / > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php