Issue With Validation

Discussion in 'PHP' started by Jeremy Benson, Oct 12, 2017.

  1. #1
    I've got a live site with validation issues. Someone I know is trying to make a user account, but it's throwing the error "first name incorrect format."

    I just removed an erroneous handling for the city field that checked for special characters and was throwing the same error as name, but I'm not sure if that's the only error.

    $validator = new Validator;
      
        foreach($_POST as $key => $val)
        {
          
            $_POST[$key] = trim($_POST[$key]);
          
        }
      
        $validator->validate_alpha($_POST['firstName'], 'first name');
        $validator->validate_alpha($_POST['lastName'], 'last name');
      
        $validator->validate_length($_POST['firstName'], 1, 28, 'first name');
        $validator->validate_length($_POST['lastName'], 1, 28, 'last name');
        $validator->validate_length($_POST['city'], 1, 28, 'city');
        $validator->validate_length($_POST['username'], 4, 16, 'username');
        $validator->validate_length($_POST['password'], 4, 16, 'password');
        $validator->validate_length($_POST['securityAnswer'], 1, 246, 'security answer');
        $validator->validate_email($_POST['email'], 'email');
      
        $validator->spec($_POST['firstName'], 'first name');
        $validator->spec($_POST['lastName'], 'last name');
        $validator->spec_username($_POST['username'], 'username');
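        // Same two-argument form as the spec() calls above; the stray length
        // arguments would have been used as the field label.
        $validator->spec($_POST['password'], 'password');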
      
        $errors = $validator->return_errors();
    Code (markup):
    These are the only functions that throw incorrect format
    Email
    function validate_email($val, $key)
        {
          
            if(!filter_var($val, FILTER_VALIDATE_EMAIL))
            {
              
                array_push($this->errors, ucfirst($key) . ' incorrect format');
              
            }
          
        }
    Code (markup):
    function spec_username($val, $key)
        {
          
          
                $illegal = "`!@#$%^&*()=+[]{};'\:\"|,./<>?";
                if(strpbrk($val, $illegal))
                {
                  
                    array_push($this->errors, ucfirst($key) . ' incorrect format');
                  
                }
          
        }
    Code (markup):
    function spec_comma($val, $key)
        {
          
          
                $illegal = "`!@#$%^&*()-_=+[]{};'\:\"|./<>?";
                if(strpbrk($val, $illegal))
                {
                  
                    array_push($this->errors, ucfirst($key) . ' incorrect format');
                  
                }
          
        }
    Code (markup):
     
    Jeremy Benson, Oct 12, 2017 IP
  2. SoftLink

    #2
    It looks like this function: spec_username
    is throwing the error.

    If the name has any of these characters in it, that will throw the error:
    `!@#$%^&*()=+[]{};'\:\"|,./<>?
    \ are escapes so they don't count.
    That includes a ' which may well be the culprit.
     
    SoftLink, Oct 12, 2017 IP
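
An allowlist check for personal names that accepts the apostrophe mentioned above, as an added example that is not code from this thread. The function name `validate_name`, the wording of its length error and the sample inputs are assumptions; it needs PHP 7.1+ with the mbstring extension and a UTF-8 source file.

```php
<?php
// Added example: allowlist validation for personal names (hypothetical helper,
// not part of the Validator class posted in the thread).

/**
 * Returns null when $val is an acceptable name, otherwise an error string
 * in the "<Field> incorrect format" style used in the thread.
 */
function validate_name(string $val, string $key, int $min = 1, int $max = 28): ?string
{
    $val = trim($val);

    // Reject invalid UTF-8 early; preg_match with /u would also fail on it.
    if (!mb_check_encoding($val, 'UTF-8')) {
        return ucfirst($key) . ' incorrect format';
    }

    // Count characters, not bytes, so "Zoë" is 3 long rather than 4.
    $len = mb_strlen($val, 'UTF-8');
    if ($len < $min || $len > $max) {
        return ucfirst($key) . ' incorrect length'; // wording is an assumption
    }

    // Allowlist: must start with a letter; after that letters, combining
    // marks, spaces, apostrophes (ASCII and U+2019), periods and hyphens.
    if (preg_match('/^\p{L}[\p{L}\p{M}\' \x{2019}.\-]*$/u', $val) !== 1) {
        return ucfirst($key) . ' incorrect format';
    }

    return null;
}

// Constructed sample inputs.
$samples = ["O'Brien", 'Anne-Marie', 'Zoë', 'José Luis', 'Rob<script>', 'a@b', ''];
foreach ($samples as $name) {
    $err = validate_name($name, 'first name');
    printf("%-14s => %s\n", var_export($name, true), $err ?? 'ok');
}
```

Accepting `'` in names is only safe when the value reaches the database through prepared statements and is passed through `htmlspecialchars()` on output; the validator decides what a name may look like, not how it is stored or rendered.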
  3. deathshadow

    #3
    Beware that filter_var on e-mail only checks for characterspace, but NOT for valid lengths. Here, try mine.

    
    function isValidEmail($address) {
    
    	if (filter_var($address,FILTER_VALIDATE_EMAIL) == FALSE) return false;
    
    	/* explode out local and domain */
    	list($local, $domain) = explode('@', $address);
    	
    	$localLength = strlen($local);
    	$domainLength = strlen($domain);
    	
    	return (
    		/* check for proper lengths */
    		($localLength > 0 && $localLength < 65) &&
    		($domainLength > 3 && $domainLength < 256) &&
    		(
    			checkdnsrr($domain, 'MX') ||
    			checkdnsrr($domain, 'A')
    		)
    	);
    
    }
    
    Code (markup):
    Not only checks for valid characters and lengths, but that the domain has a MX or A entry. That last check can add a wee bit of overhead, but IMHO it's worth doing just so people can't type in some BS made up fairy tale domain.
     
    deathshadow, Oct 14, 2017 IP
    SoftLink likes this.