Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 23
Members Online: 2

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Page 1 of 2 1 2 >
Author

Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 20:19
Hey,

I have recently learned PHP and MySQL and have written a series of scripts many which require form input. However I haven't been validating the input data. Basically all I want to do is to check if the variables $title and $author are empty. My current code is:

Code
<?php
switch ($_GET["do"]) {
case "add":
include("dbconnect.php");
if(count($_POST) > 0) {
$title = mysql_real_escape_string(trim($_POST["title"]));
$author = mysql_real_escape_string(trim($_POST["author"]));
$sql = "INSERT INTO books(name, author) VALUES('$title', '$author')";
$result = mysql_query($sql) or die(mysql_error());
$message = "<p>Your Book Has Been Added</p>
<br/ >
<a href='index.php'>Go Back</a>
"; }
$title = "<h1>Add Book</h1>";
$html = "<form action='index.php?do=add' method='post'>
<p><strong>Book Title:</strong> <input type='text' name='title' /></p>
<p><strong>Author Name:</strong> <input type='text' name='author' /></p>
<p><input type='submit' value='Add Book' /></p>
</form>";
break;
default:
include("dbconnect.php");
$title = "<h1>Books I Own</h1>";
$html = "
<a href='index.php?do=add'>Add Books</a> | <a href='index.php?do=delete'>Delete Books</a>
<br />
<br />
<table border= 1>
<th>ID</th>
<th>Book Name</th>
<th>Author</th>";
$sql = "SELECT * FROM books";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$html .= "<tr><td>".$row['id']."</td><td>".$row['name']."</td><td>".$row['author']."</td></tr>";
}
$html .= "</table>";
break;
}
?>
<html>
<head><title>Books I Own</title></head>
<body>
<?php
print $title;
print $message;
print $html;
?>
</body>
</html>




Your probably thinking damn thats some crap code but hey I am new :)
Author

RE: Validate Input Forms Using PHP

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 20-10-08 20:22
why not use the isset command?


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png



Edited by yours31f on 20-10-08 20:23
yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 20:25
http://www.php.ne. . .


Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:06
Sorry to be a pest but could you be kind enough to add this into my code as I am having a problem.
Author

RE: Validate Input Forms Using PHP

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 20-10-08 21:10
PHPDan wrote:
Sorry to be a pest but could you be kind enough to add this into my code as I am having a problem.


What's the problem? Post errors.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:14
Just replace your if conditional with a test for "not empty(variable)" for both the variables you're testing. Join the tests with &&. Basic PHP knowledge; if you don't possess knowledge of conditionals, you definitely need to learn that before continuing.


Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:25
like:

Code
if(empty($_POST["title"]) && empty($_POST["author"])) {
$message = "test"; } else {
$sql = "INSERT INTO books(name, author) VALUES('$title', '$author')";
$result = mysql_query($sql) or die(mysql_error());
$message = "<p>Your Book Has Been Added</p>
<br/ >
<a href='index.php'>Go Back</a>
"; }


Author

RE: Validate Input Forms Using PHP

hellboundhackersok
Member



Posts: 353
Location:
Joined: 20.09.07
Rank:
Moderate
Warn Level: 95
Posted on 20-10-08 21:29
Code
if($_POST["replace"] != '' && $_POST["replace"] != '')
{
//do whatever if it's not equal to blank space
}
else
{
//do something if it is equal to blank space
}





i.imgur.com/qBWHo0R.png


Edited by hellboundhackersok on 20-10-08 21:33
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:29
Close. Put ! in front of the empty function for each... you're testing for "not empty", not "empty".


Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:32
Thanks guys I have now got it working Smile Now I need some more challenges, anyone got any?
Author

RE: Validate Input Forms Using PHP

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 20-10-08 21:32
hellboundhackersok wrote:
Some code


Hiya. Coding standards would like to have a word with you.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:36
PHPDan wrote:
Thanks guys I have now got it working Smile Now I need some more challenges, anyone got any?

Do #3 on this page:
http://www.hellbo. . ./index.php


Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:37
spyware wrote:
hellboundhackersok wrote:
Some code


Hiya. Coding standards would like to have a word with you.


Ha ha im just starting with PHP but I to thought his code was a bit messed up.
Author

RE: Validate Input Forms Using PHP

hellboundhackersok
Member



Posts: 353
Location:
Joined: 20.09.07
Rank:
Moderate
Warn Level: 95
Posted on 20-10-08 21:42
spyware wrote:
hellboundhackersok wrote:
Some code


Hiya. Coding standards would like to have a word with you.



Edit: fine... I'll use empty().. I guess I'm just too used to being a completely 1337 C++ coder... or not...?


i.imgur.com/qBWHo0R.png


Edited by hellboundhackersok on 20-10-08 21:53
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 21:47
hellboundhackersok wrote:
spyware wrote:
hellboundhackersok wrote:
Some code


Hiya. Coding standards would like to have a word with you.


ahah I don't really want to clean my code =D

Dan: he was talking to me :angry:


I know........
Author

RE: Validate Input Forms Using PHP

hellboundhackersok
Member



Posts: 353
Location:
Joined: 20.09.07
Rank:
Moderate
Warn Level: 95
Posted on 20-10-08 21:48
PHPDan wrote:
hellboundhackersok wrote:
spyware wrote:
hellboundhackersok wrote:
Some code


Hiya. Coding standards would like to have a word with you.


ahah I don't really want to clean my code =D

Dan: he was talking to me :angry:


I know........


whoa I totally read what you type wrong. whatever.


i.imgur.com/qBWHo0R.png
Author

RE: Validate Input Forms Using PHP

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 20-10-08 21:56
hellboundhackersok wrote:
Edit: fine... I'll use empty().. I guess I'm just too used to being a completely 1337 C++ coder... or not...?


In C++ you would use Var.empty().



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 22:02
PHPDan wrote:
Ha ha im just starting with PHP but I to thought his code was a bit messed up.

No offense, but that is a bit presumptuous of you. His code was incomplete for the exact need specified but, as it was, it would've solved your problem. Testing a string for != '' and testing a string with !empty() are synonymous when looking for empty strings. However, empty will also capture null values, which is essential for testing MySQL DB values for empty / null values.

Basically, it can be boiled down to this:

1. != is fine for testing for '' only (an empty string).
2. empty() is good for testing for both an empty string and a null value.
3. isset() is meant to test the existence of a variable... if a value is not POSTed at all, it will fail this. If it is POSTed, it will possibly pass this; this is not a good way to test for empty POST values.


Author

RE: Validate Input Forms Using PHP

hellboundhackersok
Member



Posts: 353
Location:
Joined: 20.09.07
Rank:
Moderate
Warn Level: 95
Posted on 20-10-08 22:02
well I was taught to use if (var != "") {//whatever}... Using empty() what Includes do you need? ... actually Just googled it:

nevermind, thanks!

and thanks Zephyr_Pure for clarifying that to ..us..:p


i.imgur.com/qBWHo0R.png


Edited by hellboundhackersok on 20-10-08 22:14
Author

RE: Validate Input Forms Using PHP


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-10-08 22:24
Zephyr_Pure wrote:
PHPDan wrote:
Ha ha im just starting with PHP but I to thought his code was a bit messed up.

No offense, but that is a bit presumptuous of you. His code was incomplete for the exact need specified but, as it was, it would've solved your problem. Testing a string for != '' and testing a string with !empty() are synonymous when looking for empty strings. However, empty will also capture null values, which is essential for testing MySQL DB values for empty / null values.

Basically, it can be boiled down to this:

1. != is fine for testing for '' only (an empty string).
2. empty() is good for testing for both an empty string and a null value.
3. isset() is meant to test the existence of a variable... if a value is not POSTed at all, it will fail this. If it is POSTed, it will possibly pass this; this is not a good way to test for empty POST values.


Thanks for the information. I am now planning my CMS.
Page 1 of 2 1 2 >