code snippets: associated with form processing in site v.1

First, get the user submitted strings:

// Only proceed if the form was submitted with one of the expected buttons.
if ( isset($_POST['submit']) AND (($_POST['submit'] == "Edit vehicle data")
   OR ($_POST['submit'] == "Retrieve vehicle data")) ) {

  // Initialize $tag and $state.
  if ( isset($_POST['tag']) ) {
    $tag = $_POST['tag'];
  } else {
    $tag = "";
  }
  if ( isset($_POST['state']) ) {
    $state = $_POST['state'];
  } else {
    $state = "";
  }

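Before I validate the user-submitted strings, I’ll want to make sure they’ve had no slashes added by magic quotes.

// If magic quotes is on I'll stripslashes.
// get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) {
   $tag = stripslashes($tag);
   $state = stripslashes($state);
}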

You’ll also want to trim whitespace.

// Trim white space.
$tag = trim($tag);
$state = trim($state);

Verify string is not too long:

if ( strlen($state) > 12 OR strlen($tag) > 20 ) { return false; }

Verify string is not empty:

// Compare against "" directly: empty() would also reject the string "0".
if ( $state === "" OR $tag === "" )  { return false; }

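If the rest of the script assumes field string values are ready for input into the database, then add slashes. Note that addslashes() is not character-set aware and is not a dependable defense against SQL injection; a parameterized query (or at minimum the database driver's own escaping function) is the safer way to pass these values to the database.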

// addslashes
$tag = addslashes($tag);
$state = addslashes($state);

To handle the case where no strings were posted (in other words an anomaly caused this script to run instead of the proper form being submitted):

} else {
  die('Script aborted #12580. -Programmer.');
}

Example of making sure we arrived here properly:

// I don't want to rely on register_globals
if (!isset($_POST['submit']) || $_POST['submit'] != 'Login')
{
  $submit = "";
} else {
  $submit = $_POST['submit'];
}
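
The same tag/state checks combined with a parameterized query in place of the addslashes() step, as an added example that is not part of the original post. It assumes PHP 7.1+ with the pdo_sqlite extension; the `vehicles` table, its columns, and the helper names `clean_field` and `find_vehicle` are hypothetical.

```php
<?php
// Added example, not the site's own code. An in-memory SQLite database
// stands in for the real one; table and column names are hypothetical.

/**
 * Validate one posted field: it must be a string, non-empty after trim,
 * and at most $max bytes long. Returns the cleaned string or null.
 */
function clean_field(array $post, string $key, int $max): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;               // missing, or an array such as tag[]=x
    }
    $value = trim($post[$key]);
    if ($value === '' || strlen($value) > $max) {
        return null;
    }
    return $value;
}

/** Look up a vehicle by tag and state; null if input is invalid or no row matches. */
function find_vehicle(PDO $db, array $post): ?array
{
    $tag   = clean_field($post, 'tag', 20);     // same limits as the post
    $state = clean_field($post, 'state', 12);
    if ($tag === null || $state === null) {
        return null;
    }
    // Placeholders keep the values out of the SQL text, so no addslashes().
    $stmt = $db->prepare(
        'SELECT tag, state, owner FROM vehicles WHERE tag = :tag AND state = :state'
    );
    $stmt->execute([':tag' => $tag, ':state' => $state]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vehicles (tag TEXT, state TEXT, owner TEXT)');
$db->exec("INSERT INTO vehicles VALUES ('ABC123', 'CA', 'Sample Owner')");

var_dump(find_vehicle($db, ['tag' => ' ABC123 ', 'state' => 'CA']));     // padded but valid
var_dump(find_vehicle($db, ['tag' => "x' OR '1'='1", 'state' => 'CA'])); // quotes bound as data
var_dump(find_vehicle($db, ['tag' => ['a'], 'state' => 'CA']));          // array, not a string
```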

About samehramzylabib

See About on https://samehramzylabib.wordpress.com