Hi all, I am stuck on this stupid problem and i don't know how to solve the problem What did I create: I created a form that posts several variables, each variable that the form posts needs to be checked to protect the DB. After the check turns out ok then the DB is updated with the value of the variable. The problem is that the variables that are optional and have no data are returned false and thus i cann't update the DB. I tried to skip the check when the variable is empty, but that doesn't work correctly. Who can help, since the form has many optional variables I'll just post one. Before i start the form: if ($_POST[voorvoegsel] == '') { $voorvoegsel = ' '; } else { $voorvoegsel = $_POST[voorvoegsel]; } PHP: The form: <form name="persoonlijk" method="post" action="persoonlijk.php"> <input type="text" name="voorvoegsel" maxsize="10"> <input type='submit' name='updaten' value='Updaten'> </form> HTML: After the button update: function anti_injection($voorvoegsel) { $verboden = array("bla", "bla"); if ($voorvoegsel != ' ') { if (eregi("[a-zA-Z0-9]+", $voorvoegsel)) { $voorvoegsel = trim(str_replace($verboden, '', strtolower($voorvoegsel))); } else { $voorvoegsel = HACK; echo "voorvoegsel:" .$voorvoegsel. "<br>"; } } $array = array('voorvoegsel'=>$voorvoegsel); if (in_array(HACK, $array)) { die ('Sorrij uw hackpoging is mislukt.'); } else { return $array; } } PHP: After this the array continously returns the HACK for this variable. Who knows what to do because i'm nearing the state of becoming crazy Thanx
Jip globals work, I allready used them on other pages. Didn't try session, but can't use it either. I am allready using them for other purposes, for login and abstracting user data from DB for the different pages.
I'm not sure but shouldn't there be quotes on the post var? $_POST['voorvoegsel'] not sure if this will solve it but was something that stood out to me.
Make sure you check that the variable is set first: isset($_POST['var']) //if the variable isn't set, this will return false Code (markup): Then you can make sure it's not empty: empty($_POST['var']) //if the variable is empty, this will return true Code (markup):
Simple ways are always the best. Advice of other functionalities of php array functions: array_key_exists, strlen But, the problem it's in the in_array(HACK,$array) As HACK it's a constant, you must define it somewhere, no? Your function will return the array if $voorvoegsel != HACK. be sure you call the function with proper parameter: anti_injection(@$_POST['voorvoegsel ']);