[newbie] Filtering data from form?

#native_company# #native_desc#

#native_cta#

This site is best viewed in a modern browser with JavaScript enabled.

littlebigman

Hello

This is a newbie question.

What are the general things to pay attention too when handling data that were sent from a form?

The form has a few text widgets, a couple of comboboxes, a hidden text field, and two jQuery datepickers.

I was thinking of writing a loop in PHP to check for the length, and possibly the pattern using regexes.

If you know of a good pratical article that explains how to handle forms safely, I'm interested.

Thank you.

webdeveloper932

Somethings you may wanna look at when filtering form data is rather your using a database or not, personally id create a nifty little function like this

<?php
function CleanData($string,$forDb = false){
if($forDb === true){
global $conn;
if(magic_quotes_gpc() == 1){
$string = stripslashes($string);
}

return mysqli_real_escape_string($conn,trim(htmlentities($string,ENT_QUOTES,'UTF-8')));
}else{
return trim(htmlentities($string,ENT_QUOTES,'UTF-8'));
}



}

And you would use this function like this

$name = (isset($_POST['name'])) ? $_POST['name'] : false;
//Make our data clean
$name = CleanData($name,true);

as you can see i set the parameter $forDb to true only set this to true if you are inserting data into a mysql database or passing any data to mysql otherwise you can leave this blank and it will result to its default value of false. Hope this helped some.

littlebigman

Thanks for the tip. The form is just used to send an e-mail, but I will log the request in a database just for safety.