Form Validation of PHP forms

One, form security

1. Htmlspecialchars () function

Converts a special character to an HTML entity. This means that HTML characters such as < and > are replaced with < and >. This prevents attackers from exploiting the code by injecting HTML or JavaScript code (cross-site scripting attacks) into the form.

Cross-site scripting attacks (Scripting): For non-aliasing with cascading style sheets (cascading style Sheets, CSS), the cross-station scripting attack is abbreviated to XSS. A malicious attacker inserts malicious HTML code into a Web page, and when the user browses to the page, HTML code embedded inside the Web is executed to achieve the special purpose of the malicious attacker.

HTML entities: Reserved characters in HTML must be replaced with character entities. If you want to display reserved characters correctly, we must use the character entity (character entities) in the HTML source code.

Show result description Entity name entity number

	Space
<	Less than sign	<	<
>	Greater than sign	>	>
&	and number	&	&
“	Quotes	"	"
‘	Apostrophe	' (ie not supported)	'
￠	Score of	¢	¢
£	Pounds	£	£
¥	Yen	¥	¥
?	Euro	€	€
§	Section	§	§
©	Copyright	©	©
®	Registered trademarks	®	®
?	Trademark	™	™
X	Multiplication sign	X	X
÷	Division Sign	÷	÷

A simple adder (note the htmlspecialchars)

2. Create form validation function

Form Testing
 
  
 
  Name: ". $name; echo "
Email: ". $email; echo "
Website: ". $website; echo "
Comment: ". $comment;?>

Second, form must fill Field validation rules

Name	required. must contain letters and spaces.
e-mail	required. Must contain a valid e-mail address (contains @ and.).
Website	Optional. If you select, you must include a valid URL.
Comment	Optional. Multi-line Input field (text box).

  form must be filled in   
 
    
 
  Name: ". $name; echo "
Email: ". $email; echo "
Website: ". $website; echo "
Comment: ". $comment;?>  

Third, format matching

Use Regular Expressions (Regular expression) to format the data entered by the user. For more information on regular expressions, see the regular expression 30-minute introductory tutorial and the full symbolic interpretation of regular expressions.

int preg_match (String $pattern, string $subject);
Searches for a match between the subject and the regular expression given by the pattern.

Regex Quick Reference

Symbolic meaning

[ABC]	A single character:a, B or C
[^ABC]	Character but a, B, or C
[A-z]	Any single character in the range A-Z
[A-za-z]	Any single character in the range A-Z or a-Z
^	Start of Line
$	End of Line
\a	Start of String
\z	End of String
.	Any single character
\s	Any whitespace character
\s	Any non-whitespace character
\d	Any digit
\d	Any non-digit
\w	Any word character (letter, number, underscore)
\w	Any Non-word character
\b	Any word boundary character
(...)	Capture everything enclosed
(A	b
A?	Zero or one of a
A *	Zero or more of a
A +	One or more of a
A{3}	Exactly 3 of a
A{3,}	3 or more of a
a{3,6}	Between 3 and 6 of a

1. Match Name

"/^[a-za-z]*$/"
Only spaces and letters are allowed, "^" means the beginning, "$" means the end, [A-za-z] represents a A-Z or a-Z or a character in a space.

$name = Test_input ($_post["name"]), if (!preg_match ("/^[a-za-z]*$/", $name)) {  $NAMEERR = "Only allow letters and spaces! "; }

2, matching e-mail

"/([\w-]+\@[\w-]+.[ \w-]+)/"
"\w" matches any word character that includes an underscore. Equivalent to ' [a-za-z0-9_] ';
+ Match the preceding subexpression one or more times;
"-" Match "-".

3. Match URL

"/\b (?:(?: https?| FTP): \/\/|www.) [-a-z0-9+&@#\/%?=~_|!:,.;] *[-a-z0-9+&@#\/%=~_|] /I "

Iv. keep the values in the form

Principle: Embed the PHP script in the input tag.
If type= "text", then embed value= " "
If Type= "Radio", then embed

Finally, a simple login form is written:

A simple login form
 
  
 
  "; echo "Mailbox:". $email; echo "
"; echo "Password:" $PASSWD;?>

Copyright NOTICE: This article for Lshare original article, need to reprint please contact me, have questions welcome comments or private messages.

