Form Validation of PHP forms

Source: Internet
Author: User
I. Form security

1. The htmlspecialchars() function

Converts special characters to HTML entities, so that HTML characters such as < and > are replaced with &lt; and &gt;. This stops an attacker from injecting HTML or JavaScript code through the form (a cross-site scripting attack), because the browser displays the submitted text instead of interpreting it as markup.

Cross-site scripting: to avoid confusion with Cascading Style Sheets (CSS), cross-site scripting is abbreviated XSS. A malicious attacker inserts malicious HTML code into a web page; when a user views that page, the HTML code embedded in it is executed in the user's browser, achieving whatever purpose the attacker had in mind.

HTML entities: reserved characters in HTML must be replaced with character entities. To display a reserved character literally, the HTML source must use the corresponding character entity.

Character   Description              Entity name   Entity number
(space)     non-breaking space       &nbsp;        &#160;
<           less-than sign           &lt;          &#60;
>           greater-than sign        &gt;          &#62;
&           ampersand                &amp;         &#38;
"           double quotation mark    &quot;        &#34;
'           apostrophe               &apos;        &#39;    (&apos; is not supported in IE)
¢           cent                     &cent;        &#162;
£           pound                    &pound;       &#163;
¥           yen                      &yen;         &#165;
€           euro                     &euro;        &#8364;
§           section                  &sect;        &#167;
©           copyright                &copy;        &#169;
®           registered trademark     &reg;         &#174;
™           trademark                &trade;       &#8482;
×           multiplication sign      &times;       &#215;
÷           division sign            &divide;      &#247;
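The following is an added example, not code from the article, showing htmlspecialchars() applied to a constructed malicious value in both HTML text context and attribute context. The escape() helper name and the sample input are my own.

```php
<?php
// Added example (not from the original article): escaping untrusted input
// before it is placed into HTML. $input below is a constructed sample value.

/**
 * Escape a string for safe inclusion in HTML text or in a quoted attribute.
 * ENT_QUOTES converts both " and ' so the value cannot close an attribute
 * such as value="..."; the charset is stated explicitly so the result does
 * not depend on the default_charset ini setting.
 */
function escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: the kind of value an attacker might submit in a field.
$input = '<script>alert("xss")</script> O\'Reilly & "Co"';

// Text context: the tags reach the browser as literal characters, not markup.
echo '<p>Name: ' . escape($input) . "</p>\n";

// Attribute context: the quotes are neutralised as well, so the value stays
// inside the attribute.
echo '<input type="text" name="name" value="' . escape($input) . "\">\n";
```

Before PHP 8.1 the default flag set was ENT_COMPAT, which leaves single quotes untouched, so pass ENT_QUOTES explicitly whenever the value may land inside an attribute. Escaping is context-specific: htmlspecialchars() is the right tool for HTML text and attribute values, but a value placed inside a script block or a URL needs a different encoder.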

A simple adder (note the call to htmlspecialchars)


2. Creating a form validation function

Form Testing

<?php
// Only the output section of this example survived extraction. It assumes
// $name, $email, $website and $comment were set by the validation code
// described above; the "<br>" line breaks between the fields are assumed.
echo "<br>Name: " . $name;
echo "<br>Email: " . $email;
echo "<br>Website: " . $website;
echo "<br>Comment: " . $comment;
?>
II. Required-field validation rules

Name: required. Must contain only letters and spaces.
E-mail: required. Must contain a valid e-mail address (contains "@" and ".").
Website: optional. If supplied, it must be a valid URL.
Comment: optional. Multi-line input field (textarea).
Form must be filled in

<?php
// Only the output section of this example survived extraction. It assumes
// $name, $email, $website and $comment were set by the validation code
// described above; the "<br>" line breaks between the fields are assumed.
echo "<br>Name: " . $name;
echo "<br>Email: " . $email;
echo "<br>Website: " . $website;
echo "<br>Comment: " . $comment;
?>
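The next block is an added example, not the article's own code. It covers both "Creating a form validation function" and the required-field rules above: a cleaning helper in the style of the test_input() function the article relies on, and a function that applies the presence rules. The field names (name, email, website, comment) and the sample submission are assumptions.

```php
<?php
// Added example (not the article's code): a test_input()-style cleaning helper
// plus the required-field rules (name and e-mail mandatory, website and comment
// optional). Assumed form field names: name, email, website, comment.

function test_input(string $data): string
{
    $data = trim($data);          // strip surrounding whitespace
    $data = stripslashes($data);  // undo backslash escaping left by legacy magic_quotes
    // Escape HTML metacharacters so the value is safe to echo back into the page.
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

/**
 * Apply the presence rules. Returns [cleaned values, error messages];
 * an empty error array means every required field was supplied.
 */
function validate_required(array $post): array
{
    $fields   = ['name', 'email', 'website', 'comment'];
    $required = ['name', 'email'];
    $values   = [];
    $errors   = [];

    foreach ($fields as $field) {
        // A missing key, a non-string value (e.g. name[]=x) and an empty
        // string are all treated as "not supplied".
        $raw = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        $values[$field] = test_input($raw);

        if ($values[$field] === '' && in_array($field, $required, true)) {
            $errors[$field] = ucfirst($field) . ' is required';
        }
    }

    return [$values, $errors];
}

// Use the real POST data when the script is served over HTTP; otherwise fall
// back to a constructed sample so the example also runs from the command line.
$post = $_POST ?: [
    'name'    => '  Ada Lovelace ',
    'email'   => '',                          // missing: produces an error
    'website' => '',                          // optional: no error
    'comment' => "<b>hi</b> she said \"ok\"",  // markup is neutralised
];

[$values, $errors] = validate_required($post);

foreach ($errors as $message) {
    echo "* $message\n";
}
echo "Cleaned comment: {$values['comment']}\n";
```

Calling htmlspecialchars() inside test_input() means the stored value is already HTML-encoded, which is fine when its only destination is this page. If the same data is also written to a database, sent by e-mail or emitted as JSON, keep the raw value and encode at each output point instead.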
III. Format matching

Use regular expressions to check the format of the data entered by the user. For more on regular expressions, see the 30-minute introductory regular expression tutorial and the full explanation of regular expression symbols.

int preg_match(string $pattern, string $subject)
Searches $subject for a match against the regular expression given in $pattern; it returns 1 if the pattern matches and 0 if it does not, which is why the checks below test !preg_match(...).

Regex Quick Reference

Symbol      Meaning
[abc]       a single character: a, b or c
[^abc]      any single character except a, b or c
[a-z]       any single character in the range a-z
[a-zA-Z]    any single character in the range a-z or A-Z
^           start of line
$           end of line
\A          start of string
\z          end of string
.           any single character
\s          any whitespace character
\S          any non-whitespace character
\d          any digit
\D          any non-digit
\w          any word character (letter, digit, underscore)
\W          any non-word character
\b          any word boundary
(...)       capture everything enclosed
(a|b)       a or b
a?          zero or one of a
a*          zero or more of a
a+          one or more of a
a{3}        exactly 3 of a
a{3,}       3 or more of a
a{3,6}      between 3 and 6 of a

1. Matching the name

"/^[a-zA-Z ]*$/"
Only letters and spaces are allowed: "^" anchors the start, "$" anchors the end, and [a-zA-Z ] matches one character that is a-z, A-Z or a space.

$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
    $nameErr = "Only letters and white space allowed!";
}

2. Matching the e-mail address

"/([\w\-]+\@[\w-]+\.[\w-]+)/"
"\w" matches any word character, including the underscore; it is equivalent to '[a-zA-Z0-9_]'.
"+" matches the preceding subexpression one or more times.
"\-" matches a literal "-", and "\." a literal "." (an unescaped "." would match any character).

3. Matching the URL

"/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"
"\b" is a word boundary; the first group requires the value to start with http://, https://, ftp:// or www.; the "i" modifier makes the match case-insensitive.
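The three checks of this section combined into one function, as an added example that is not the article's code. The patterns are the corrected forms of the three expressions above; the inputs are constructed samples and are assumed to already be trimmed strings (for instance the output of a test_input() helper). The example goes one step beyond the article by pairing the e-mail regex with PHP's built-in filter_var() validator.

```php
<?php
// Added example (not the article's code): the three preg_match() checks from
// this section, run over constructed sample inputs. The values are assumed to
// be trimmed strings.

const NAME_PATTERN    = '/^[a-zA-Z ]*$/';
const EMAIL_PATTERN   = '/([\w\-]+\@[\w-]+\.[\w-]+)/';
const WEBSITE_PATTERN = '/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i';

/** Return field => error message; an empty array means every format is acceptable. */
function validate_formats(array $values): array
{
    $errors = [];

    // NAME_PATTERN uses '*', so it also accepts the empty string: the
    // required-field check must run before this one.
    if (!preg_match(NAME_PATTERN, $values['name'] ?? '')) {
        $errors['name'] = 'Only letters and white space allowed';
    }

    // The article's e-mail pattern is unanchored, so it only requires that an
    // address-like substring exists somewhere in the value. filter_var()
    // applies the stricter built-in check, so both must pass here.
    $email = $values['email'] ?? '';
    if (!preg_match(EMAIL_PATTERN, $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email format';
    }

    // Website is optional: validate only when something was entered.
    $website = $values['website'] ?? '';
    if ($website !== '' && !preg_match(WEBSITE_PATTERN, $website)) {
        $errors['website'] = 'Invalid URL';
    }

    return $errors;
}

// Constructed samples: one clean submission and one that fails every check.
$samples = [
    ['name' => 'Ada Lovelace', 'email' => 'ada@example.com',        'website' => 'https://example.com/'],
    ['name' => 'R2-D2',        'email' => 'ada at example dot com', 'website' => 'ftp:/broken'],
];

foreach ($samples as $i => $sample) {
    $errors = validate_formats($sample);
    echo "Sample $i: " . ($errors ? implode('; ', $errors) : 'all formats OK') . "\n";
}
```

The website pattern is likewise unanchored, so it accepts a value that merely contains a URL somewhere inside it; if the field must be exactly one URL, anchor the pattern with ^ and $ or use filter_var() with FILTER_VALIDATE_URL.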

IV. Keeping the values in the form

Principle: embed a PHP script inside the input tag.
For type="text", embed value="<?php echo $name; ?>" so the previously submitted value is shown again.
For type="radio", embed a PHP condition that prints "checked" when the stored value equals that option's value.
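An added example, not the article's code, of re-populating a form from the submitted values. $name and $gender are assumed to have been set by the validation code; when the script runs from the command line they fall back to constructed sample values. The attr() and checked() helper names are my own.

```php
<?php
// Added example (not the article's code): keeping submitted values in the
// form. Everything placed inside an attribute goes through htmlspecialchars()
// with ENT_QUOTES; otherwise a stored value containing a double quote could
// close the attribute and inject markup. $_SERVER['PHP_SELF'] is escaped for
// the same reason, since it echoes part of the requested path.

$name   = $_POST['name']   ?? 'Jane "JD" Doe';  // constructed sample value
$gender = $_POST['gender'] ?? 'female';         // constructed sample value

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Return " checked" when the radio option matches the stored value. */
function checked(string $stored, string $option): string
{
    return $stored === $option ? ' checked' : '';
}
?>
<form method="post" action="<?php echo attr($_SERVER['PHP_SELF'] ?? ''); ?>">
  Name: <input type="text" name="name" value="<?php echo attr($name); ?>">
  <br>
  Gender:
  <input type="radio" name="gender" value="female"<?php echo checked($gender, 'female'); ?>> Female
  <input type="radio" name="gender" value="male"<?php echo checked($gender, 'male'); ?>> Male
  <br>
  <input type="submit" name="submit" value="Submit">
</form>
```

With the sample name the rendered attribute reads value="Jane &quot;JD&quot; Doe", so the embedded quotes stay inside the value instead of terminating it.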

Finally, a simple login form is written:

A simple login form

<?php
// Only the output section of this example survived extraction. It assumes
// $email and $passwd were set from the submitted form; the "<br>" line
// breaks are assumed, and the missing "." concatenation operator is restored.
// Echoing the password back is kept only because the article does it; a
// real login handler never displays the submitted password.
echo "<br>";
echo "Mailbox: " . $email;
echo "<br>";
echo "Password: " . $passwd;
?>

Copyright notice: This article is an original article by Lshare; please contact me before reprinting. Questions are welcome in the comments or by private message.
