MakeWebGames

Help please


shrek1609


Guest Anonymous

Re: Help please

Assuming your new name is coming in from $_POST['newname'] ...

 

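function postStr( $key, $maxLen = 50, $default = "" )
{
	if (isset($_POST[$key]))
	{
		// Reject arrays (e.g. newname[]=x); only plain strings are accepted
		if (is_string($_POST[$key]))
		{
			// Undo magic quotes where that legacy setting still exists (the function was removed in PHP 8)
			$magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
			$value = $magic ? stripslashes($_POST[$key]) : $_POST[$key];

			// Trim, then cap the length at $maxLen characters
			return trim(substr(trim($value) . " ", 0, $maxLen));
		}
	}

	return $default;
}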

 

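$newname = postStr("newname", 25);

// \A and \z anchor the pattern to the whole string; unanchored, one valid character anywhere would match
if (preg_match('`\A[a-z0-9_]+\z`i', $newname))
{
	// you now have name with letters, digits and the underscore only
}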

Re: Help please

What about spaces? I like spaces :p

Okydokie, I'll take a crack at it ;) and show you my personal flavor of validation :D

 

if (!ctype_alnum(ereg_replace('[ _]', '', $_POST['newname']))) {
	echo "Only letters, numbers, spaces, and underscores are allowed.";
	die;
}

 

I'll break that down a bit for you in case you're not familiar with the functions used.

ereg_replace('[ _]', '', $_POST['newname'])

That removes spaces and the underscores from the string (note that I do not use this function to remove the spaces and underscores for the purpose of storing this in a variable, it is only so the ctype_alnum() function can do its thing properly).

!ctype_alnum( [(string) with spaces and underscores removed] )

The ctype_alnum() function tests if a string is an alphanumeric string (only letters and numbers).

If anything other than that is found, it returns FALSE and thus we test for a false value.

It is necessary to remove the spaces and underscores before using the ctype_alnum() function because spaces and underscores will cause this function to return false.

 

I did not include any escaping code as in the previous post though, so keep that in mind.

If $_POST['newname'] is found to only contain letters, numbers, spaces, and underscores, it will still have the spaces and underscores in it and you can now store in the database.

 

You may prefer to use an if...else block which would allow you to not have the die function in there like I have it, or if you encapsulate all of this inside a user created function, you can substitute return; for die; and in that case the function is exited and the script can finish execution as normal, but without having stored the name in the database and the error message would be displayed.

Using return; is the preferred method for me since you can do something like:

 

if (!ctype_alnum(ereg_replace('[ _]', '', $_POST['newname']))) {
	echo "Only letters, numbers, spaces, and underscores are allowed.";
	display_name_form();
	return;
}

 

Since your form should be in a function itself, and the validation/database insertion/update code in another function, you could upon detection of an invalid name, call up the function that displays the form and then exit the function that executes the database insertion/update.

This negates the need for a back button where a page is displayed with the error notice and then the user is required to "go back" to the form since the form could simply just be redisplayed immediately for the user thus improving the user's experience ;)

In the form function, you could take it a step further, and do:

 

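function display_name_form() {

	if (!isset($_POST['newname'])) {
		$_POST['newname'] = null;
	}

	// HTML-encode the submitted value before echoing it into the attribute
	$value = htmlspecialchars((string) $_POST['newname'], ENT_QUOTES);

echo <<<EOT
<form blahblah>
<input type="text" name="newname" value="{$value}">
</form>
EOT;

}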

 

And doing that will redisplay the name they put in the form so they can simply edit it, instead of retyping everything ;)

The if(!isset blahblah) deal is used to initialize the variable the first time the form is displayed so that an E_NOTICE is not generated due to an uninitialized variable. D:

:mrgreen:


Guest Anonymous

Re: Help please

I believe the ctype_xxx functions are not always available however so it might be an idea to stick to the basic perl regex or basic regex functions...


Re: Help please

From the PHP Online Manual:

Beginning with PHP 4.2.0 these functions are enabled by default.

If you're working with PHP < 4.2.0 you really should upgrade.

;)

But with that said, I don't wanna take away from the code Nyna posted. We have two different flavors for doing the same thing, although mine allows spaces ;) teehee


Re: Help please

Floydian you forgot to add

 

if ($_GET['newname'])
 {
    $newname = htmlentities(mysql_real_escape_string($_GET['newname']));
    mysql_query("UPDATE users SET username='{$newname}' WHERE userid='{$ir['userid']}'") or die(mysql_error());
    echo 'Your name has been changed to '.$newname.'';
    exit;
 }

 

Then it will actually update their username using your type.

And as for Floydian's function display_name_form(); here is a better one I guess:

 

function display_name_form() {
	if (!isset($_POST['newname'])) {
		$_POST['newname'] = null;
	}
	// HTML-encode the submitted value before echoing it into the attribute
	$value = htmlspecialchars((string) $_POST['newname'], ENT_QUOTES);
echo <<<EOT
<form action="preferences.php" method="get">
<input type="text" name="newname" value="{$value}">
<input type="submit" value="Change">
</form>
EOT;
}
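The rename flow discussed in this thread, end to end, as an added example that is not code from any of the posts: an anchored allowlist (letters, digits, spaces, underscores), a bound parameter for the UPDATE, and HTML-encoding when the value is redisplayed. The function names, the PDO handle and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions for the demo; the `users` table and its columns follow the query posted above.

```php
<?php
// Added example, not code from the thread. Function names and the PDO/SQLite
// setup are assumptions; the users table follows the query posted above.

/** Returns the trimmed name, or null if it breaks the allowlist. */
function validate_display_name($raw, int $maxLen = 25): ?string
{
    if (!is_string($raw)) {          // arrays (newname[]=x) are rejected
        return null;
    }
    $name = trim($raw);
    // \A and \z anchor the whole string; without anchors a single allowed
    // character anywhere in the input would make the match succeed.
    if (!preg_match('/\A[A-Za-z0-9_ ]{1,' . $maxLen . '}\z/', $name)) {
        return null;
    }
    return $name;
}

/** Stores the name with bound parameters instead of string interpolation. */
function change_username(PDO $db, int $userId, string $name): bool
{
    $stmt = $db->prepare('UPDATE users SET username = :name WHERE userid = :id');
    return $stmt->execute([':name' => $name, ':id' => $userId]);
}

/** Encodes at output time, for the HTML attribute context. */
function name_field_html(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="newname" value="' . $safe . '">';
}

// Constructed demo: in-memory SQLite stands in for the game's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'old_name')");

// Constructed inputs: one valid name and three that must be rejected.
foreach (['Sir Shrek_16', "x' OR '1'='1", "ok\n<script>", ['array']] as $input) {
    $name = validate_display_name($input);
    if ($name === null) {
        echo 'rejected: ', name_field_html(is_string($input) ? $input : ''), "\n";
        continue;
    }
    change_username($db, 1, $name);
    echo 'stored: ', $db->query('SELECT username FROM users WHERE userid = 1')->fetchColumn(), "\n";
}
```

The name is stored as typed and encoded only when it is written into HTML, so the database keeps the raw value and each output context applies its own escaping.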

Re: Help please

I was focusing on how to only allow letters, numbers, spaces, and underscores. ;-)

And the function for displaying a form was purely an academic example of the logic I use in these situations. I believe it's better for people to actually code the functions themselves than to copy and paste so it was not intended to be "usable".

But thanks killah for adding that ;)


Guest Anonymous

Re: Help please

Personally I permit all characters, but then my validation routines are a lot more powerful than what I provide here - I also don't run from the same poor quality code-base as most people, rather I run my own engine.

@Floydian: Beginning with PHP 4.2.0 these functions are enabled by default. :"> Oops! Thanks for that - I guess I forgot to re-read the ... manual ;) (I do however run the latest stable PHP 5 on all my machines so I really should have spotted it...)


Re: Help please

Nyna, I'm on top of these ctype functions, and the filter functions that were put in with php 5.2, cuz I am a slacker when it comes to regular expressions. lol

Don't even ask me to code an email regex, let alone explain how one works :D

I'm lucky to have figured out how to do the ereg_replace deal I posted as that's about the extent of my regex expertise. hehehe


Guest Anonymous

Re: Help please

Hehe - Well I must admit I prolly use preg_xxx() functions too much, but I am rather fond of them. In fact the new engine I'm developing uses a templated system for all pages which is "compiled" as it were in a huge preg_replace block. It's fast, it's clean, but some of the expressions - oh my, what a nightmare to develop!

I remember now why I shied away from the ctype_xxx() functions - there are some OSes that have very buggy implementations of them and as my low-level APIs are used in commercial environments on a large number of differing machines, regex seemed a more stable way of doing things.

From a beginner's point of view - you are certainly spot on - Especially when it comes to validating email addresses : I mean, just look at the RFC regex syntax for validating an email address:

 

(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])

 

Mummy!!!


Re: Help please

Wouldn't php operate the same on any system, being platform independent?

I realize some php extensions are only available for windows or linux, but it seems to me that barring those, php extensions should operate reliably anywhere :S

And that email deal, um, I'll have bad dreams about that one...


Guest Anonymous

Re: Help please

No, PHP has some very weird oddities...

CRC32( value ) returns a different value (sometimes) depending on a) what the "value" is, and b) whether you are running on a 64-bit or 32-bit box.

That was a major headache for me for a while, as I was load-balancing web-servers across machines with different bit-sizes -- Took me ages to trace the fault. :">

There are in fact lots of areas where PHP runs differently, so I use a set of wrappers which basically hide the problematic php functions and either patch them or call my own C libraries (The advantage of having my own servers)

Plus if you drop in something like the Suhosin patch (thoroughly recommended for everybody), depending on how it's configured, it can cause all sorts of headaches. Drives me up the wall!
