
Form validation made easy

September 19, 2009

PHP Form validation.

This tutorial requires a basic understanding of PHP, especially PHP arrays and PHP functions. If you do not already have that, you may check online for PHP beginners' tutorials.

In this tutorial, we will be creating a simple PHP form validation function that will validate any number of passed-in parameters and return multiple values.

Real World Scenario.

Imagine creating a simple website with 4 different forms, where all four forms have a different number of form elements. Will you create four different functions to validate all four forms? Here, we will create one function that will validate all four forms and any other form you may create on the website. The simple logic behind this is creating a function that can accept any number of parameters and also return multiple values.

As a security analyst, I strongly believe the first step in developing a secure website or web application is organizing your code; this way it will be easy to manage and implement security controls, or even extend your application, without complications.

I also believe that managing your code is made easier by "using less code to achieve the best results". To this end, one of my major hobbies now includes trying to optimize code and scripts: re-writing scripts using less code and getting optimal results.

As stated above we will be creating a flexible form validation function that can be used to validate any form.

The code

Functions accept parameters (variables, strings, arrays, etc.); for this tutorial, and to achieve our objective, we will pass in an array.

function returnvalue($a = array()) {

}

Here we used an empty array as the default value, to enable the function to accept any number of elements as we may choose later.

In the next stage, we will write a simple line of code that enables the function to read the number of parameters passed. We achieve this with the code below:

for ($i = 0; $i < count($a); $i++) {

The line of code above uses a for loop to iterate through the elements of the array (the parameters passed in), so the function works with the actual number of parameters it received; this means you can pass in 2, 3, 4 or even more parameters.

The next step will be to create a line of code that validates the parameter passed in. The parameters may be inputs from a form, a URL, etc.

For the purpose of this tutorial we achieve this validation process using the htmlentities() function (you may check online for tutorials relating to the PHP htmlentities() function).

The line of code will be:

htmlentities($a[$i]);

(You may also choose to create a more elaborate validation script or code block.)

However, to completely achieve our aim, we have to apply a bit of logic to our validation process.

  1. We will have to pass the validated values into a new array.
  2. The new array will have to be declared / initialized before the FOR statement.

Adding the above, our code so far will look like this:

function returnvalue($value = array()) {
    $new_value = array();
    for ($i = 0; $i < count($value); $i++) {
        $new_value[$i] = htmlentities($value[$i]);
    }
}

At this point, we have named our function, given it an empty array parameter which will hold any number of elements we pass into the function, created a new array which will hold the validated values, and finally used the for loop to iterate over the array, applying the htmlentities() function to validate every element of the array.

The next step, as you may have predicted, will be to return the validated values. We achieve this by returning our newly created array ($new_value above, named $b in the version below).

Our finished function will look like this:

function returnvalue($a = array()) {
    $b = array();  // the new array that will hold validated values
    for ($i = 0; $i < count($a); $i++) {
        // htmlentities() once is enough: applying it twice double-encodes "&" to "&amp;amp;".
        // SQL escaping belongs at the database layer (prepared statements), not here;
        // mysql_real_escape_string() needs an open connection and no longer exists in PHP 7.
        $b[$i] = htmlentities($a[$i], ENT_QUOTES, 'UTF-8');
    }
    return $b;
}

Getting the returned values

With the function above, you may then pass any number of parameters in the array and use the list() construct to grab the returned values. This is how it can be done:

list($val1, $val2, $val3, ..., $valX) = function_name(array($para1, $para2, $para3, ..., $paraX));

In this example we will use:

list($output1, $output2, $output3) = returnvalue(array($input1, $input2, $input3));

 

You may echo the returned values:

echo $output1 . "<br>";

echo $output2 . "<br>";

echo $output3 . "<br>";

Remember to locate or assign the input variables/ parameters.

 

So far, we have created a simple validation function that can accept any number of parameters and return multiple values. This can be used to grab and validate form inputs, URL inputs, etc. You may expand the function as you choose.

The finished code below can be tested.

<?php
// assign values to the parameters you will pass into the function
$input1 = "name";
$input2 = "email'>"; // I added two characters ('>) to email, to test the validation
$input3 = "phone";

// the function
function returnvalue($a = array()) {
    $b = array();  // the new array that will hold validated values
    for ($i = 0; $i < count($a); $i++) {
        // htmlentities() once is enough: applying it twice double-encodes "&" to "&amp;amp;".
        // SQL escaping belongs at the database layer (prepared statements), not here;
        // mysql_real_escape_string() needs an open connection and no longer exists in PHP 7.
        $b[$i] = htmlentities($a[$i], ENT_QUOTES, 'UTF-8');
    }
    return $b;
}

// call the function and display output
list($output1, $output2, $output3) = returnvalue(array($input1, $input2, $input3));
echo $output1 . "<br>";
echo $output2 . "<br>";
echo $output3 . "<br>";
?>
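As an added example (not code from the original post), here is how the "one function for every form" idea extends from escaping to actual validation: each form passes its own rule set, invalid values are reported instead of silently encoded, and escaping moves to where the value is used (htmlspecialchars() for HTML output, a PDO prepared statement for the database). The field names, rule keys, the phone pattern and the $pdo handle are assumptions.

```php
<?php
// Added example (not from the original post): one validate() for every form,
// each form passing its own rules; bad input is rejected, not merely encoded.
function validate(array $input, array $rules): array {
    $clean = array();
    $errors = array();
    foreach ($rules as $field => $rule) {
        // A missing field is treated as empty so "required" still fires.
        $raw = isset($input[$field]) ? trim((string) $input[$field]) : '';
        if ($raw === '') {
            if (!empty($rule['required'])) { $errors[$field] = 'required'; }
            continue;
        }
        if (strlen($raw) > (isset($rule['max']) ? $rule['max'] : 255)) {
            $errors[$field] = 'too long';
            continue;
        }
        switch ($rule['type']) {
            case 'email':  // built-in syntax check; does not prove the mailbox exists
                $ok = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;
                break;
            case 'phone':  // constructed rule: optional +, then digits, spaces, dashes
                $ok = preg_match('/^\+?[0-9 \-]{7,20}$/', $raw) === 1;
                break;
            default:       // free text: accepted as is, it will be encoded on output
                $ok = true;
        }
        if ($ok) { $clean[$field] = $raw; }           // stored unescaped
        else     { $errors[$field] = 'invalid ' . $rule['type']; }
    }
    return array($clean, $errors);
}

// Constructed sample input, reusing the post's "email'>" test value.
$rules = array(
    'name'  => array('type' => 'text',  'required' => true, 'max' => 60),
    'email' => array('type' => 'email', 'required' => true),
    'phone' => array('type' => 'phone'),
);
$form = array('name' => 'Ada', 'email' => "email'>", 'phone' => '');
list($clean, $errors) = validate($form, $rules);

// Output layer: encode only when rendering into HTML.
foreach ($clean as $field => $value) {
    echo $field, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
// Database layer: a prepared statement does what mysql_real_escape_string() tried to.
// $stmt = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (?, ?)');
// $stmt->execute(array($clean['name'], $clean['email']));
```

With the sample above, $clean holds only the name and $errors flags the email field, so the form can be re-displayed with a message rather than storing "email'>" in encoded form.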