  1. #1
    thesk8rjesus

    PHP form validation

    I am currently in the process of creating a form for our sixth form's website. I have been able to validate input boxes and drop-down boxes which just consist of numbers between a range, but I am having a problem with validating a drop-down which gets its options from a different PHP page I have:

    <select name="choice1_course">
    <?php
    include("courselist.php");
    ?>
    </select>

    I have my validation all set up ready to go; here's an example of my name input box:

    <input type="text" name="forename" value="<?=$fields['forename']?>" class="inputBox2" />

    If someone could please help me it would be amazing!!

    THANK YOU IN ADVANCE

  2. #2

    powdarrmonkey
    Do you mean validating or just parsing? More details would help, eg what is the contents of courselist.php?

  3. #3
    thesk8rjesus
    I mean validating. I want it to appear with an error if the option which is selected is 'Select Course'. Here is courselist.php:
    <?php
    print '<option value="Select Course">Select Course</option>
    <!--A-->
    <option value="Art and Design (BTEC)">Art and Design (BTEC)</option>
    <option value="Art and Design (NVQ)">Art and Design (NVQ)</option>
    <option value="Art (Fine)">Art (Fine)</option>
    <option value="Art (Textiles)">Art (Textiles)</option>
    <!--B-->
    <option value="Beauty Therapy">Beauty Therapy</option>
    <option value="Biology">Biology</option>
    <option value="Biology (Human)">Biology (Human)</option>
    <option value="Body Treatments">Body Treatments</option>
    <option value="Business and Administration">Business and Administration</option>
    <option value="Business Studies">Business Studies</option>
    <!--C-->
    <option value="Chemistry">Chemistry</option>
    <option value="Child Care and Education">Child Care and Education</option>
    <option value="Community Sports Leadership">Community Sports Leadership</option>
    <option value="Construction and the Built Environment">Construction and the Built Environment</option>
    <option value="Construction (Trowel Occupations)">Construction (Trowel Occupations)</option>
    <option value="Critical Thinking">Critical Thinking</option>
    <option value="Customer Service">Customer Service</option>
    <!--D-->
    <option value="Design Technology (Graphic Product)">Design Technology (Graphic Product)</option>
    <option value="Design Technology (Resistant Materials)">Design Technology (Resistant Materials)</option>
    <!--E-->
    <option value="English">English</option>
    <option value="English for Speakers of Other Languages (ESOL)">English for Speakers of Other Languages (ESOL)</option>
    <option value="European Computer Driving Licence (ECDL)">European Computer Driving Licence (ECDL)</option>
    <option value="Exercise and Nutrition">Exercise and Nutrition</option>
    <!--F-->
    <option value="Film Studies">Film Studies</option>
    <option value="French">French</option>
    <!--G-->
    <option value="Geography">Geography</option>
    <option value="German">German</option>
    <option value="Government and Politics">Government and Politics</option>
    <!--H-->
    <option value="Hair and Beauty Studies">Hair and Beauty Studies</option>
    <option value="Hairdressing">Hairdressing</option>
    <option value="Health and Nutrition">Health and Nutrition</option>
    <option value="Health and Social Care">Health and Social Care</option>
    <option value="Health and Social Care (Double Award)">Health and Social Care (Double Award)</option>
    <option value="History">History</option>
    <!--I-->
    <option value="ICT">ICT</option>
    <!--L-->
    <option value="Law">Law</option>
    <option value="Leisure Studies">Leisure Studies</option>
    <option value="Literacy">Literacy</option>
    <!--M-->
    <option value="Mathematics">Mathematics</option>
    <option value="Media Studies">Media Studies</option>
    <option value="Music Performance">Music Performance</option>
    <option value="Music Technology">Music Technology</option>
    <!--N-->
    <option value="Nail Technology">Nail Technology</option>
    <option value="Numeracy">Numeracy</option>
    <!--P-->
    <option value="Performing Arts (Acting)">Performing Arts (Acting)</option>
    <option value="Performing Arts (Dance)">Performing Arts (Dance)</option>
    <option value="Personal Finance">Personal Finance</option>
    <option value="Photography">Photography</option>
    <option value="Professional Chef">Professional Chef</option>
    <option value="Psychology">Psychology</option>
    <option value="Public Services">Public Services</option>
    <!--R-->
    <option value="RE">RE</option>
    <option value="Retail">Retail</option>
    <!--S-->
    <option value="Science">Science</option>
    <option value="Science (Forensic Science)">Science (Forensic Science)</option>
    <option value="Society Health and Development">Society Health and Development</option>
    <option value="Sociology">Sociology</option>
    <option value="Spanish">Spanish</option>
    <option value="Sport and Exercise Science">Sport and Exercise Science</option>
    <!--T-->
    <option value="Text Processing (Business Professional)">Text Processing (Business Professional)</option>
    <option value="Travel and Tourism">Travel and Tourism</option>
    ';
    ?>

  4. #4

    powdarrmonkey
    Ok... and what are you doing to validate it, what doesn't work, and what error gets returned as a result?

  5. #5
    DrPerceptron
    Do you not need a <select> before and after your options?

    I remember validating a drop down list a long time ago and just used the name of the select tag and checked it didn't match the string you want to validate...

  6. #6

    You could do this without any validation... Just by adding "disabled selected" to your option.

    For example
    PHP Code:
    print '<select><option value="Select Course" selected disabled>Select Course</option>';
    This would prevent users from even 're-selecting' the Select Course; it's not totally foolproof but a start.

  7. #7

    powdarrmonkey
    Quote Originally Posted by craigy2302 View Post
    You could do this without any validation... Just by adding "disabled selected" to your option.

    For example
    PHP Code:
    print '<select><option value="Select Course" selected disabled>Select Course</option>';
    This would prevent users from even 're-selecting' the Select Course; it's not totally foolproof but a start.
    You should always sanitize input until you're blue in the face, because it's trivial to inject nasty stuff if you don't. You can't rely on the user agent to enforce your display criteria.


    @DrPerceptron:
    Quote Originally Posted by thesk8rjesus View Post
    which gets its options from a different PHP page I have:

    <select name="choice1_course">
    <?php
    include("courselist.php");
    ?>
    </select>

  8. #8
    DrPerceptron
    Didn't read the first sentence of that post, my bad :P

  9. #9

    If you add a name to the select, for example,
    HTML Code:
    <select name="options">
    Then where the form is processed, put something like

    PHP Code:
    if ($_SEVER['REQUEST_METHOD'] == "POST") {
       $options = htmlentities($_POST['options']);

       if ($options == "Select Course") {
          // Your error message - or - kill the script
          die("You did not select a Course, please go back and try again");
       }
    }

    That's a very simple validation and sanitise method.

    @powdarrmonkey: It's just as bad with "selected disabled" removed

  10. #10

    powdarrmonkey
    Quote Originally Posted by craigy2302 View Post
    PHP Code:
    if ($_SEVER['REQUEST_METHOD'] == "POST") {
       $options = htmlentities($_POST['options']);
    PHP Code:
    $_SERVER['.... 
    @powdarrmonkey: It's just as bad with "selected disabled" removed
    Of course, but I assumed that if you're going to present all options to a user, you're hopefully expecting to deal with all of them. It's not safe, however, to assume that because you haven't presented it, they haven't sent it to you.

    Checking that you have a valid option is validation, sanitation is checking that what you've got isn't dangerous. Example: if you used that response blind in a mysql SELECT statement, the first port of call for any self-respecting attacker is to inject "DROP DATABASE;", "DROP `users`", or similar into that field, which you then pass on directly to your database. Danger, Will Robinson.

    So high-level basic sanitation might include:
    1. cut the field to a sensible length, to prevent buffer-overflows
    2. clean it of scary things, like html entities and sql statements

    Then you validate it ('was this an option in the list, or has the user made it up?'), once you're sure it's safe to start handling it in the memory space of your application.

  11. #11

    If you want to check that the value given is one of the ones you displayed (rather than just not "Select Course"), I'd suggest that you need an array of your options available at the time of validation. So, I'd change courselist.php from
    PHP Code:
    <?php
    print '<option value="Select Course">Select Course</option>
    <!--A-->
    <option value="Art and Design (BTEC)">Art and Design (BTEC)</option>
    <option value="Art and Design (NVQ)">Art and Design (NVQ)</option>
    <option value="Art (Fine)">Art (Fine)</option>
    <option value="Art (Textiles)">Art (Textiles)</option>
    ...
    to something more like
    PHP Code:
    <?php
    $courseList = array( 'Select Course', 'Art and Design (BTEC)', 'Art and Design (NVQ)', 'and so on and so on');

    function renderCourseList($list) {
      foreach($list as $opt) {
        $opt = htmlspecialchars($opt);
        echo "<option value=\"$opt\">$opt</option>\n";
      }
    }
    ?>
    Then in your original file make it:
    PHP Code:
    <select name="choice1_course">
    <?php
    include('courselist.php');
    renderCourseList($courseList);
    ?>
    </select>
    (the include now means that $courseList is defined here, so we send that list off to be rendered)

    And in your validation page
    PHP Code:
    include('courselist.php');
    if (($tmp = array_search($_POST['choice1_course'], $courseList)) === false) {
      // Your error message - or - kill the script
      die("Invalid Course given, please go back and try again");
    }
    else {
      $choice1 = $courseList[$tmp]; // pick a variable name that suits you
    }

    if ($choice1 == 'Select Course') {
      // Your error message - or - kill the script
      die("You did not select a Course, please go back and try again");
    }

    This way you know that the value of $choice1 is something from your array, so you know that it won't have scary things (other than any you put in there yourself to make your life interesting) in it.

    Hello
    :-Dave
    Last edited by lightinthedark; 21st January 2009 at 12:13 AM. Reason: [PHP] is prettier than [code]. Also forgot to check for 'Select Course'.
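
The allow-list check from post #11 combined with the database concern raised in post #10, as an added example that is not code from any poster in this thread. It goes slightly beyond the thread by also rejecting missing and non-string input and by using a PDO prepared statement; the `validateCourse` helper, the `applications` table, the shortened `$courseList`, the in-memory SQLite database (requires `pdo_sqlite`) and the sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. $courseList is abbreviated;
// the table name "applications" and the sample inputs are constructed.
$courseList = array('Select Course', 'Art and Design (BTEC)', 'Biology', 'Chemistry');

// Return the server-side copy of the chosen course, or null if the
// submitted value is missing, not a string, the placeholder, or not listed.
function validateCourse($post, $field, array $courseList) {
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return null;                 // absent, or sent as an array (field[]=x)
    }
    // Third argument true = strict comparison, so no type juggling.
    $idx = array_search($post[$field], $courseList, true);
    if ($idx === false || $courseList[$idx] === 'Select Course') {
        return null;
    }
    return $courseList[$idx];
}

// Constructed request bodies: a listed option, the placeholder, a value the
// form never offered, an array where a string was expected, and no field.
$samples = array(
    array('choice1_course' => 'Biology'),
    array('choice1_course' => 'Select Course'),
    array('choice1_course' => 'DROP DATABASE;'),
    array('choice1_course' => array('Biology')),
    array(),
);

// In-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (course TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO applications (course) VALUES (:course)');

foreach ($samples as $post) {
    $course = validateCourse($post, 'choice1_course', $courseList);
    if ($course === null) {
        echo "rejected\n";
        continue;
    }
    // Bound parameter: the value is sent as data, never spliced into the SQL text.
    $insert->execute(array(':course' => $course));
    // Escape for the HTML context only at the point of output.
    echo 'stored: ' . htmlspecialchars($course, ENT_QUOTES, 'UTF-8') . "\n";
}
echo $db->query('SELECT COUNT(*) FROM applications')->fetchColumn() . " row(s)\n";
```

Only the first sample is stored; the value that reaches the database is the server's own copy from `$courseList`, not the string the browser sent.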
