I've got a live site with validation issues. Someone I know is trying to make a user account, but it's throwing the error "first name incorrect format." I just removed an erroneous handling for city field check special characters and throwing same error as name, but not sure if that's the only error.

```php
$validator = new Validator;

foreach($_POST as $key => $val) {
    $_POST[$key] = trim($_POST[$key]);
}

$validator->validate_alpha($_POST['firstName'], 'first name');
$validator->validate_alpha($_POST['lastName'], 'last name');
$validator->validate_length($_POST['firstName'], 1, 28, 'first name');
$validator->validate_length($_POST['lastName'], 1, 28, 'last name');
$validator->validate_length($_POST['city'], 1, 28, 'city');
$validator->validate_length($_POST['username'], 4, 16, 'username');
$validator->validate_length($_POST['password'], 4, 16, 'password');
$validator->validate_length($_POST['securityAnswer'], 1, 246, 'securty answer');
$validator->validate_email($_POST['email'], 'email');
$validator->spec($_POST['firstName'], 'first name');
$validator->spec($_POST['lastName'], 'last name');
$validator->spec_username($_POST['username'], 'username');
$validator->spec($_POST['password'], 4, 16, 'password');

$errors = $validator->return_errors();
```

These are the only functions that throw incorrect format:

Email

```php
function validate_email($val, $key) {
    if(!filter_var($val, FILTER_VALIDATE_EMAIL)) {
        array_push($this->errors, ucfirst($key) . ' incorrect format');
    }
}
```

```php
function spec_username($val, $key) {
    $illegal = "`!@#$%^&*()=+[]{};'\:\"|,./<>?";
    if(strpbrk($val, $illegal)) {
        array_push($this->errors, ucfirst($key) . ' incorrect format');
    }
}
```

```php
function spec_comma($val, $key) {
    $illegal = "`!@#$%^&*()-_=+[]{};'\:\"|./<>?";
    if(strpbrk($val, $illegal)) {
        array_push($this->errors, ucfirst($key) . ' incorrect format');
    }
}
```

It looks like this function, spec_username, is throwing the error. If the name has any of these characters in it, that will throw the error:

```
`!@#$%^&*()=+[]{};'\:\"|,./<>?
```

The \ are escapes so they don't count. That includes a ' which may well be the culprit.
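
The deny-list behaviour described in the reply above, next to an allow-list alternative for name fields, as an added example that is not code from any poster in this thread. `denylist_rejects` and `validate_person_name` are hypothetical names, the 1 to 28 length bounds are taken from the `validate_length` calls in the question, and the mbstring extension is assumed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Deny-list check built from the character list posted for spec_username().
function denylist_rejects(string $val): bool
{
    $illegal = '`!@#$%^&*()=+[]{};\'\\:"|,./<>?';
    return strpbrk($val, $illegal) !== false;
}

// Allow-list check: Unicode letters (plus combining marks), with single
// spaces, hyphens or apostrophes allowed only between letter runs.
// Length bounds 1..28 mirror the validate_length() calls in the question.
function validate_person_name(string $val, int $min = 1, int $max = 28): bool
{
    $val = trim($val);
    if (!mb_check_encoding($val, 'UTF-8')) {
        return false; // reject malformed byte sequences outright
    }
    $len = mb_strlen($val, 'UTF-8'); // count characters, not bytes
    if ($len < $min || $len > $max) {
        return false;
    }
    $pattern = '/^\p{L}[\p{L}\p{M}]*(?:[ \'’-]\p{L}[\p{L}\p{M}]*)*$/u';
    return preg_match($pattern, $val) === 1;
}

// Constructed sample inputs.
$samples = ["O'Brien", 'Mary-Jane', 'José', 'de la Cruz', '<b>x</b>', 'R2-D2', ''];

foreach ($samples as $name) {
    printf(
        "%-12s denylist=%-7s allowlist=%-7s html=%s\n",
        $name,
        denylist_rejects($name) ? 'reject' : 'accept',
        validate_person_name($name) ? 'accept' : 'reject',
        // Validation is not escaping: an accepted apostrophe still has to be
        // encoded on output and bound as a parameter in SQL.
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
    );
}
```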

Beware that filter_var on e-mail only checks for characterspace, but NOT for valid lengths. Here, try mine.

```php
function isValidEmail($address) {
    if (filter_var($address, FILTER_VALIDATE_EMAIL) == FALSE) return false;
    /* explode out local and domain */
    list($local, $domain) = explode('@', $address);
    $localLength = strlen($local);
    $domainLength = strlen($domain);
    return (
        /* check for proper lengths */
        ($localLength > 0 && $localLength < 65) &&
        ($domainLength > 3 && $domainLength < 256) &&
        (
            checkdnsrr($domain, 'MX') ||
            checkdnsrr($domain, 'A')
        )
    );
}
```

Not only checks for valid characters and lengths, but that the domain has an MX or A entry. That last check can add a wee bit of overhead, but IMHO it's worth doing just so people can't type in some BS made up fairy tale domain.