Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
Python and Tcl - public course schedule [here]
Private courses on your site - see [here]
Please ask about maintenance training for Perl, PHP, Lua, etc
Filtering PHP form inputs - three ways, but which should you use?

There's a vital need to validate user inputs in PHP - to make sure that users have put something sensible into the boxes on your forms. And there are multiple ways of doing this:

a) You can check the incoming strings against regular expressions. In the old days you may have used the ereg functions, but these days you would use preg functions - slighly more complex, but more powerful and quicker. And the ereg functions have been deprecated. Using regular expressions, you need to define yourself what a particular string should look like - so you have a great flexibility

b) From PHP 5.2, you can use the filter_var function to filter what's in a variable. It will return FALSE if there's no match, or the value that the variable contains if it does match. For example, "does $sample contain an integer?":
  $result = filter_var($sample, FILTER_VALIDATE_INT);
And (sample program [here]) you get results like:
  Looking at 404
  Integer result - 404

  Looking at Graham Ellis
  NOT an Integer

c) If you're using the Zend Framework, there's a validation element available within each form component / widget and you can use that to check is the form have been validly filled in.

So - which of these should you use? If you're using the MVC (Model View Controller) approach, using the Zend Framework, then it's logical to use the functions that are provided by the framework. For major systems, some sort of framework is an excellent idea - whether you use Zend, one of the others, or routines that you write yourself (your own framework) is up to you. If you use your own, then you'll be coding one of the other two options, once only, within your own framework setup as part of your standard.

filter_var is an excellent tool to use for checking specific types - email addreses, integers, IP addresses and the like; they're coded into PHP's functions so you san save yourself a great deal of work in formulating regular expressions, and you know they'll be updated and maitained with future releases as standards may change, rather than you having to update regular expressions yourself.

For the application-specific cases (and that include things like UK postcodes), you can either use preg routines directly, or you can flag filter_var to work with regular expressions, and pass them in.
(written 2012-11-18, updated 2012-11-24)

Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H110 - PHP - HTML Web Page Data Handling
  [3036] Sending out an email containing HTML from within a PHP page - (2010-11-07)
  [2135] What features does this visitors browser support? (PHP) - (2009-04-22)
  [2107] How to tweet automatically from a blog - (2009-03-28)
  [2046] Finding variations on a surname - (2009-02-17)
  [2025] Injection Attack if register_globals in on - PHP - (2009-02-04)
  [1831] Text formating for HTML, with PHP - (2008-10-11)
  [1169] Emailing as HTML (Web Page) - PHP example - (2007-04-30)
  [1136] Buffering output - why it is done and issues raised in Tcl, Perl, Python and PHP - (2007-04-06)
  [1053] Sorting people by name in PHP - (2007-01-26)
  [1001] .pdf files - upload via PHP, store in MySQL, retrieve - (2006-12-19)
  [896] PHP - good coding practise and sticky radio buttons - (2006-10-17)
  [789] Hot answers in PHP - (2006-07-02)
  [589] Robust PHP user inputs - (2006-02-03)
  [50] Current cost in your local currency - (2004-09-16)

H115 - Designing PHP-Based Solutions: Best Practice
  [4691] Real life PHP application using our course training MVC example - (2016-06-05)
  [4641] Using an MVC structure - even without a formal framework - (2016-02-07)
  [4326] Learning to program - comments, documentation and test code - (2014-11-22)
  [4118] We not only teach PHP and Python - we teach good PHP and Python Practice! - (2013-06-18)
  [4069] Even early on, separate out your program from your HTML! - (2013-04-25)
  [3820] PHP sessions - a best practice teaching example - (2012-07-27)
  [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22)
  [3539] Separating program and artwork in PHP - easier maintainance, and better for the user - (2011-12-05)
  [2679] How to build a test harness into your PHP - (2010-03-16)
  [2430] Not just a PHP program - a good web application - (2009-09-29)
  [2221] Adding a newsfeed for your users to a multipage PHP application - (2009-06-06)
  [2199] Improving the structure of your early PHP programs - (2009-05-25)
  [1794] Refactoring - a PHP demo becomes a production page - (2008-09-12)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1623] PHP Techniques - a workshop - (2008-04-26)
  [1533] Short and sweet and sticky - PHP form input - (2008-02-06)
  [1490] Software to record day to day events and keep an action list - (2007-12-31)
  [1487] Efficient PHP applications - framework and example - (2007-12-28)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1391] Ordnance Survey Grid Reference to Latitude / Longitude - (2007-10-14)
  [1390] Converting from postal address to latitude / longitude - (2007-10-13)
  [1389] Controlling and labelling Google maps via PHP - (2007-10-13)
  [1381] Using a MySQL database to control mod_rewrite via PHP - (2007-10-06)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1321] Resetting session based tests in PHP - (2007-08-26)
  [1194] Drawing hands on a clock face - PHP - (2007-05-19)
  [1182] Painting a masterpiece in PHP - (2007-05-10)
  [1181] Good Programming practise - where to initialise variables - (2007-05-09)
  [1166] Back button - ensuring order are not submitted twice (PHP) - (2007-04-28)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [1047] Maintainable code - some positive advice - (2007-01-21)
  [945] Code quality counts - (2006-11-26)
  [936] Global, Superglobal, Session variables - scope and persistance in PHP - (2006-11-21)
  [839] Reporting on the 10 largest files or 10 top scores - (2006-08-20)
  [572] Giving the researcher power over database analysis - (2006-01-22)
  [563] Merging pictures using PHP and GD - (2006-01-13)
  [426] Robust checking of data entered by users - (2005-08-27)
  [394] A year on - should we offer certified PHP courses - (2005-07-28)
  [340] Code and code maintainance efficiency - (2005-06-08)
  [261] Putting a form online - (2005-03-29)
  [237] Crossfertilisation, PHP to Python - (2005-03-06)
  [123] Short underground journeys and a PHP book - (2004-11-19)

  Previous and next
Horse's mouth home
Some other Articles
posts, page by page

This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2019: 404 The Spa • Melksham, Wiltshire • United Kingdom • SN12 6QL
PH: 01225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/3926_Fil ... -use-.html • PAGE BUILT: Sat May 27 16:49:10 2017 • BUILD SYSTEM: WomanWithCat