Menu
Community /Pin to ProfileBookmark
@NogDogApr 29.2010 — #I tend to assume that the user knows how to spell his name and address, and prefer not to try to guess what all the possible valid characters should be, as if I guess wrong, I may make it difficult/impossible for a user to enter valid data. I'll typically trim() the value, check that it is within the min/max allowed length, and then maybe check for obviously illegal values such as newlines and carriage returns and nulls.
Form validation for name and address?
Hi, I am in the process of securing my order form but I don’t know what to do for the first name, last name, address line 1 & line 2 and city. All the fields like zip code, email, phone number have very strong regular expressions to validate the input, prevent unintentional errors and provide protection against sql injection. SO my question is how should I validate first name, last name, address line 1 & line 2 and city. I know I won’t be able to fully protect these fields against errors but I at least need protection from sql injection. Should I just use mysql_real_escape_string() on these fields? but what if theres a backslash in the input that is supposed to be there but is removed when I call strip slashes? Thanks
Sign in
to post a comment2 Comments(s) ↴
0
@NogDogApr 29.2010 — #I tend to assume that the user knows how to spell his name and address, and prefer not to try to guess what all the possible valid characters should be, as if I guess wrong, I may make it difficult/impossible for a user to enter valid data. I'll typically trim() the value, check that it is within the min/max allowed length, and then maybe check for obviously illegal values such as newlines and carriage returns and nulls.[code=php]
if(preg_match('/[x00-x31]/', $string))
{
// invalid character
}
[/code]