
Which is Invalid trim() in Php ?

Php Folks,

Note the trim.
Which example should I use out of the three? Which one is invalid, and why is it invalid?

1.

```
$domain_email = $_POST['domain_email'];
$password = $_POST['password'];

if(!filter_var(trim($domain_email,FILTER_SANITIZE_EMAIL)))
{
    die("Error 1a: Input the VALID Email Address belonging to your account!");
}
if(!filter_var(trim($domain_email,FILTER_VALIDATE_EMAIL)))
{
    die("Error 1b: Input the VALID Email Address belonging to your account!");
}

if(!filter_var(trim($password,FILTER_SANITIZE_STRING)))
{
    die("Error 1c: Input the correct Password belonging to your account!");
}
```

2.

```
$domain_email = trim($_POST['domain_email']);
$password = trim($_POST['password']);

if(!filter_var($domain_email,FILTER_SANITIZE_EMAIL))
{
    die("Error 1a: Input the VALID Email Address belonging to your account!");
}
if(!filter_var($domain_email,FILTER_VALIDATE_EMAIL))
{
    die("Error 1b: Input the VALID Email Address belonging to your account!");
}

if(!filter_var($password,FILTER_SANITIZE_STRING))
{
    die("Error 1c: Input the correct Password belonging to your account!");
}
```

3.

```
$domain_email = trim($domain_email = $_POST['domain_email']);
$password = trim($password = $_POST['password']);

if(!filter_var($domain_email,FILTER_SANITIZE_EMAIL))
{
    die("Error 1a: Input the VALID Email Address belonging to your account!");
}
if(!filter_var($domain_email,FILTER_VALIDATE_EMAIL))
{
    die("Error 1b: Input the VALID Email Address belonging to your account!");
}

if(!filter_var($password,FILTER_SANITIZE_STRING))
{
    die("Error 1c: Input the correct Password belonging to your account!");
}
```

PHP

6 Comments(s)

@Nachfolger, Dec 01.2020 — Correct usage of trim is included in the PHP manual, scroll down to "Examples" - https://www.php.net/manual/en/function.trim.php

Since I know you don't like reading the manual:
  • 1. Not a smart implementation

  • 2. Fine

  • 3. Why would you use this?

@NogDog, Dec 02.2020 — #1 is invalid syntax in any case, as you are passing the FILTER_SANITIZE_EMAIL type of parameters to the wrong function. Should be more like:

```
if(!filter_var(trim($domain_email), FILTER_SANITIZE_EMAIL))
```

As to the need to sanitize _and_ filter an email address, I have no idea why; and also no idea why you would want/need to sanitize a password. If the user wants to use '<h1>Hello</h1>' as their password, fine: it's way more secure than 'swordfish'. You're just going to hash it and either insert it into the DB or hash it and compare it to the hashed value in the DB, and never actually output the raw text anywhere, right?....RIGHT???

@developer_web (author), Dec 03.2020 — @Sempervivum

Care to chime in?

Thanks!

@developer_web (author), Dec 03.2020 — @Nachfolger#1625532

I wouldn't use no. 3. Was just being complicated/sophisticated out of curiosity.

Thanks for the answer.

@developer_web (author), Dec 03.2020 — @NogDog#1625537

So, I should not FILTER or SANITIZE the email but VALIDATE it? Ok.

As for the password, VALIDATing it is out of the question. So, I should not filter out any chars the user types? What if he types a space in his password? How to know whether his password contains a space and he didn't accidentally press the SPACE button? If passwords cannot contain spaces then I guess I should just "trim($password)".

Right? RIGHT? Lol!

@developer_web (author), Dec 03.2020 — Php Folks,

I am told to just quit filtering and sanitizing login entries, and that I should just let prepared statements deal with bad user inputs, whether the input be malicious or otherwise.

What do you say to that advice I got?
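
What version 1 from the question evaluates, next to the trim-then-validate form and the untouched-password handling the replies describe. This is an added example, not code from any poster in the thread; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example. Sample inputs are constructed; function names are hypothetical.

// Version 1 from the question: the filter constant is passed to trim(), where
// it is coerced to a string and used as the set of characters to strip, and
// filter_var() then runs with its default filter, which validates nothing.
function email_check_v1(string $raw): bool
{
    return (bool) filter_var(trim($raw, FILTER_VALIDATE_EMAIL));
}

// Version 2 and the corrected call from the reply: trim first, then validate.
function email_check_v2(string $raw): bool
{
    return filter_var(trim($raw), FILTER_VALIDATE_EMAIL) !== false;
}

// Read the login fields: validate the email, leave the password untouched.
function read_login(array $post): ?array
{
    $email = $post['domain_email'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($email) || !is_string($password) || $password === '') {
        return null; // missing field, or an array such as password[]=x
    }
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : ['email' => $email, 'password' => $password];
}

// Compare the two checks on a valid address and two invalid ones.
foreach (['  user@example.com ', 'not-an-email', 'a@b@c'] as $raw) {
    printf("%-22s v1=%s v2=%s\n", json_encode($raw),
        var_export(email_check_v1($raw), true), var_export(email_check_v2($raw), true));
}

// The password is only ever hashed and verified, never echoed, so markup or
// spaces in it are harmless; altering it before hashing changes the secret.
$chosen = ' <h1>Hello</h1> ';
$hash = password_hash($chosen, PASSWORD_DEFAULT);
$login = read_login(['domain_email' => ' user@example.com ', 'password' => $chosen]);
var_dump($login !== null && password_verify($login['password'], $hash));
var_dump(password_verify(trim($chosen), $hash)); // trimmed input vs. original hash
var_dump(read_login(['domain_email' => 'not-an-email', 'password' => $chosen]));
```

The validated email would still be passed to the database as a bound parameter in a prepared statement; validation decides whether the value is an email address, while binding keeps it from being parsed as SQL.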