PHP Form Validation functions

Recently I have involved myself in another application development. Regular Hungred Dot Com visitors will notice that the site currently offers advertisement space through this form. But really, we as developers are always looking for such snippets or writing them out from scratch every single time, regardless of how many times we know we have stored them somewhere on our laptop! Man, it's really frustrating searching on Google, finding all sorts of solutions and trying to figure out whether the regular expression implemented is expensive or complete. So I came up with an idea to ease my life a bit, and that of other developers, by putting up an article such as this for my/our reference. (This can be made into a class if you like.)

Validate Email

We can perform an email validation through this function.

	function isValidEmail($email){
		// eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent
		return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email);
	}

PHP 5.2 and above.

function fnValidateEmail($email)
{
  return filter_var($email, FILTER_VALIDATE_EMAIL);
}

Sanitize Email

We can further sanitize our email to ensure that everything is alright.

function fnSanitizeEmaill($string) {
     return  preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $string );
}

PHP 5.2 and above.

function fnSanitizeEmaill($email)
{
  return filter_var($email, FILTER_SANITIZE_EMAIL);
}

Validate Email Exist

It is not possible to confirm that a mailbox exists, but we can check that the address is well-formed and that its domain has an MX record.

function check_email($email)
{
	// eregi() and split() were removed in PHP 7; preg_match() and explode() replace them here
	$email_error = false;
	$Email = htmlspecialchars(stripslashes(strip_tags(trim($email)))); //parse unnecessary characters to prevent exploits
	if ($Email == '') { $email_error = true; }
	elseif (!preg_match('/^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z0-9._-])+/i', $Email)) { $email_error = true; }
	else {
		list($Email, $domain) = explode('@', $Email, 2);
		// the domain must publish an MX record
		if (! checkdnsrr($domain, 'MX')) { $email_error = true; }
		else {
			$array = array($Email, $domain);
			$Email = implode('@', $array);
		}
	}

	if ($email_error) { return false; } else { return true; }
}

Validate Number Only

We can use PHP built-in function to validate whether a given value is a number.

function fnValidateNumber($value)
{
	#is_double($value);
	#is_float($value);
	#is_int($value);
	#is_integer($value);
	return is_numeric($value);
}

PHP 5.2 and above.

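function fnValidateNumber($value)
{
	# filter_var() returns the filtered value or false, so compare with false: a valid 0 is falsy
	#return filter_var($value, FILTER_VALIDATE_FLOAT) !== false; // float
	return filter_var($value, FILTER_VALIDATE_INT) !== false; # int
}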

Sanitize Number

We can force all values to be numeric only by sanitizing them.

function fnSanitizeNumber($str)
{
	#digits only: every other character is removed
	return preg_replace('/[^0-9]/', '', $str);
}

PHP 5.2 and above.

function fnSanitizeNumber($value)
{
	#return filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // float
	return filter_var($value, FILTER_SANITIZE_NUMBER_INT); # int
}

Validate String Only

Sometimes, to validate a name, we can use this function to allow only letters and spaces.

function fnValidateString($str)
{
	#letters and space only: true when no other character is found
	return !preg_match('/[^A-Za-z\s ]/', $str);
}

Sanitize String

We can sanitize user input instead of validating it.

function fnSanitizeStringr($str)
{
	#letters and space only
	return preg_replace('/[^A-Za-z\s ]/', '', $str);
}

PHP 5.2 and above. The built-in function provided by PHP offers a much more powerful sanitizing capability.

function fnSanitizeStringr($str)
{
	# tags are stripped so only the 'String' is left, eg. 'HELLO' wrapped in HTML tags => 'HELLO'
	# (FILTER_SANITIZE_STRIPPED is deprecated as of PHP 8.1)
	return filter_var($str, FILTER_SANITIZE_STRIPPED);
}

Validate Alphanumeric Characters

This validates alphanumeric characters.

function fnValidateAlphanumeric($string)
{
	# true when no character other than letters, digits and whitespace is found
	return !preg_match('/[^a-zA-Z0-9\s]/', $string);
}

Sanitize Alphanumeric Characters

This sanitizes a string down to alphanumeric characters, e.g. “HELLO! Do we have 90 idiots running around here?” => “HELLO Do we have 90 idiots running around here”

function fnSanitizeAlphanumeric($string)
{
	return preg_replace('/[^a-zA-Z0-9\s]/', '', $string);
}

Validate URL Exist

This function checks whether a given URL exists, rather than only validating its format.

	function url_exist($url)
	{
		$url = @parse_url($url);

		if (!$url)
		{
			return false;
		}

		$url = array_map('trim', $url);
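		// default port follows the scheme: 443 for https, otherwise 80
		$url['port'] = (!isset($url['port'])) ? ((isset($url['scheme']) AND $url['scheme'] == 'https') ? 443 : 80) : (int)$url['port'];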
		$path = (isset($url['path'])) ? $url['path'] : '';

		if ($path == '')
		{
			$path = '/';
		}

		// double quotes are required here so that the variables are interpolated
		$path .= (isset($url['query'])) ? "?$url[query]" : '';

		if (isset($url['host']) AND $url['host'] != @gethostbyname($url['host']))
		{
			if (PHP_VERSION >= 5)
			{
				$headers = @get_headers("$url[scheme]://$url[host]:$url[port]$path");
			}
			else
			{
				$fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);

				if (!$fp)
				{
					return false;
				}
				fputs($fp, "HEAD $path HTTP/1.1\r\nHost: $url[host]\r\n\r\n");
				$headers = fread($fp, 4096);
				fclose($fp);
			}
			$headers = (is_array($headers)) ? implode("\n", $headers) : $headers;
			// accept only the status codes 200, 301 and 302
			return (bool)preg_match('#^HTTP/.*\s+(200|301|302)\s#i', $headers);
		}
		return false;
	}
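
Because url_exist() sends a request from the server to whatever URL the form receives, the added example below (not part of the original article) shows a stricter variant that allows only http/https and refuses hosts resolving to private or reserved addresses. The names safe_url_exist() and is_public_ip() are hypothetical, and the sample URLs are constructed.

```php
<?php
// Added example, not from the original article.
// safe_url_exist() and is_public_ip() are hypothetical names.

function is_public_ip($ip)
{
    // Fails for private ranges (10/8, 172.16/12, 192.168/16) and for
    // reserved ranges such as loopback and link-local.
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

function safe_url_exist($url)
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Only web schemes; file://, ftp:// and stream wrappers are refused.
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    // Resolve the host (IPv4) and require every address to be public.
    // Anything that does not resolve, including IPv6 literals, is refused.
    $ips = gethostbynamel($parts['host']);
    if (empty($ips)) {
        return false;
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return false;
        }
    }
    // HEAD request with a short timeout and no redirects, since a
    // redirect target would not have passed the address check above.
    $context = stream_context_create(array('http' => array(
        'method'          => 'HEAD',
        'timeout'         => 5,
        'follow_location' => 0,
    )));
    $headers = @get_headers($url, false, $context); // context argument: PHP 7.1+
    if (!is_array($headers) || !isset($headers[0])) {
        return false;
    }
    // Same status codes that the article's url_exist() accepts.
    return (bool) preg_match('#^HTTP/\S+\s+(200|301|302)\b#', $headers[0]);
}

// Constructed inputs that are rejected before any request is sent.
var_dump(safe_url_exist('file:///etc/passwd'));
var_dump(safe_url_exist('http://127.0.0.1/'));
var_dump(safe_url_exist('http://192.168.1.10/'));
```

The host is resolved once for the check and again by get_headers(); where that gap matters, connect to the address that was checked.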

Validate URL Format

This function will validate a given url to ensure the format is correct.

function fnValidateUrl($url){
return preg_match('/^(http(s?):\/\/|ftp:\/\/{1})((\w+\.){1,})\w{2,}$/i', $url);
}

PHP 5.2 and above.

function fnValidateUrl($url)
{
  return filter_var($url, FILTER_VALIDATE_URL);
}

Sanitize URL

PHP 5.2 and above.

function fnSanitizeUrl($url)
{
  return filter_var($url, FILTER_SANITIZE_URL);
}

Validate Image Exist

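This function checks whether a given image link exists, rather than only validating its format.

	function image_exist($url) {
	// compare with false: a file whose first byte is "0" would otherwise count as missing
	if(@file_get_contents($url,0,NULL,0,1) !== false){return 1;}else{ return 0;}
	}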

Validate IP Address

This function will validate an IP address.

function fnValidateIP($IP){
	# the dot between octets is escaped so that it matches a literal '.' only
	return preg_match('/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$IP);
}

PHP 5 and above. This can also validate specifically for IPv4 or IPv6.

function fnValidateIP($ip)
{
  return filter_var($ip, FILTER_VALIDATE_IP);
}

Validate Proxy

This function will let us detect proxy visitors, even those that are behind an anonymous proxy.

function fnValidateProxy(){
	# heuristics: forwarding headers, common proxy ports and a connect-back probe to port 80
	# !empty() avoids undefined-index notices when a header is absent
	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
	   || !empty($_SERVER['HTTP_X_FORWARDED'])
	   || !empty($_SERVER['HTTP_FORWARDED_FOR'])
	   || !empty($_SERVER['HTTP_VIA'])
	   || in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
	   || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
	{
		exit('Proxy detected');
	}
}

Validate Username

Before we check whether a given username matches the one in our database, we can perform a validation check first to prevent any unnecessary SQL call.

function fnValidateUsername($username){
	#alphabet, digit, @, _ and . are allowed. Minimum 6 characters. Maximum 50 characters (email address may be more)
	return preg_match('/^[a-zA-Z\d_@.]{6,50}$/i', $username);
}

Validate Strong Password

Another good thing is to validate whether a particular password given by the user is strong enough. You can do that using this function, which requires the password to have a minimum of 8 characters, at least 1 uppercase, 1 lowercase and 1 number.

function fnValidatePassword($password){
	#must contain 8 characters, 1 uppercase, 1 lowercase and 1 number
	return preg_match('/^(?=^.{8,}$)((?=.*[0-9])(?=.*[A-Z])(?=.*[a-z]))^.*$/', $password);
}

Validate US Phone Number

This function validates a US phone number for US users.

function fnValidateUSPhone($phoneNo){
	#anchored with ^ and $ so the whole value must be a phone number
	return preg_match('/^\(?\d{3}\)?[-\s.]?\d{3}[-\s.]\d{4}$/x', $phoneNo);
}

Validate US Postal Code

This function validates a US postal code.

function fnValidateUSPostal($postalcode){
	#eg. 92345-3214
	return preg_match('/^([0-9]{5})(-[0-9]{4})?$/i',$postalcode);
}

Validate US Social Security Numbers

This function validates US Social Security Numbers.

function fnValidateUSSocialSecurityCode($ssn){
	#eg. 531-63-5334
	return preg_match('/^[\d]{3}-[\d]{2}-[\d]{4}$/',$ssn);
}

Validate Credit Card

This function validates the credit card format.

function fnValidateCreditCard($cc){
	#eg. 718486746312031
	return preg_match('/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})$/', $cc);
}

Validate Date

This validates dates in MM-DD-YYYY or MM-DD-YY format, for years 0000-9999.

function fnValidateDate($date){
	#05/12/2109
	#05-12-0009
	#05.12.9909
	#05.12.99
	#the pattern contains '/', so '#' is used as the regex delimiter
	return preg_match('#^((0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])[- /.][0-9]?[0-9]?[0-9]{2})*$#', $date);
}

This validates dates in YYYY-MM-DD or YY-MM-DD format, for years 0000-9999.

function fnValidateDate($date){
	#2009/12/11
	#2009-12-11
	#2009.12.11
	#09.12.11
	return preg_match('#^([0-9]?[0-9]?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01]))*$#', $date);
}

Validate Hexadecimal Colors

This is a good validation for people who allow their users to change colors in their system.

function fnValidateColor($color){
	# eg. #CCC
	# eg. #CCCCCC
	# eg. #FFFFFF
	# (a '#' followed by 3 or 6 hex digits)
	return preg_match('/^#(?:(?:[a-f0-9]{3}){1,2})$/i', $color);
}

Make Query Safe

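This function helps sanitize our data to be SQL injection safe.

function _clean($str){
// get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it still exists
$magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', htmlspecialchars(($magic ? stripslashes($str) : $str), ENT_QUOTES));
}

//usage: call it somewhere at the beginning of your script and keep the returned values
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST);// and so on..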

Make Data Safe

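This function helps to keep us protected against XSS, JS and SQL injection by removing tags.

function _clean($str){
// get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it still exists
$magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', strip_tags(trim(htmlspecialchars(($magic ? stripslashes($str) : $str), ENT_QUOTES))));
}

//usage: call it somewhere at the beginning of your script and keep the returned values
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST);// and so on..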
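
htmlspecialchars() escapes for HTML output rather than for SQL, so the usual companion to the two _clean() helpers under "Make Query Safe" and "Make Data Safe" is a parameterized query for the database plus escaping at output time. The following is an added example, not part of the original article; the table, the functions add_user(), find_user() and h(), and the sample values are hypothetical, and it assumes the pdo_sqlite extension.

```php
<?php
// Added example, not from the original article.
// Table, function names and sample values are hypothetical.
// Requires the pdo_sqlite extension (in-memory database, nothing is written to disk).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT)');

function add_user(PDO $db, $username, $bio)
{
    // Placeholders keep the values out of the SQL text entirely,
    // so quotes and backslashes in the input cannot change the query.
    $stmt = $db->prepare('INSERT INTO users (username, bio) VALUES (:u, :b)');
    $stmt->execute(array(':u' => $username, ':b' => $bio));
    return (int) $db->lastInsertId();
}

function find_user(PDO $db, $username)
{
    $stmt = $db->prepare('SELECT username, bio FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when there is no such row
}

function h($value)
{
    // Escape at output time, and only for the HTML context.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input containing a quote, a backslash and markup characters.
$username = "o'brien";
$bio      = 'I <3 PHP & C:\\temp';

add_user($db, $username, $bio);
$row = find_user($db, $username);

// The database holds the raw value, unchanged by any input-time escaping.
var_dump($row['bio'] === $bio);

// The value is escaped only at the point where it is written into HTML.
echo '<p>', h($row['username']), ': ', h($row['bio']), "</p>\n";
```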

Summary

A paranoid way to perform form validation would be to validate first, then sanitize your values as a precaution. If you think the above snippets suck, or you have any good or awesome snippets to share, please leave a comment and share with us!
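
The validate-first, then-sanitize order described above, applied to one form submission with the PHP 5.2+ filter functions. This is an added example, not part of the original article; validate_form(), field() and the field names are hypothetical, and the sample submission is constructed.

```php
<?php
// Added example, not from the original article.
// validate_form(), field() and the field names are hypothetical.

function field(array $input, $name)
{
    // Missing or non-string fields are treated as empty.
    return (isset($input[$name]) && is_string($input[$name])) ? trim($input[$name]) : '';
}

function validate_form(array $input)
{
    $errors = array();
    $clean  = array();

    // filter_var() returns the filtered value, or false on failure.
    // Compare with === false: a valid quantity of 0 is falsy.
    $email = filter_var(field($input, 'email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Invalid email address';
    } else {
        $clean['email'] = filter_var($email, FILTER_SANITIZE_EMAIL);
    }

    $qty = filter_var(field($input, 'quantity'), FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 0, 'max_range' => 100),
    ));
    if ($qty === false) {
        $errors['quantity'] = 'Quantity must be a whole number from 0 to 100';
    } else {
        $clean['quantity'] = $qty;
    }

    // FILTER_VALIDATE_URL accepts any scheme, so the scheme is checked too.
    $url    = filter_var(field($input, 'website'), FILTER_VALIDATE_URL);
    $scheme = ($url === false) ? '' : strtolower(parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        $errors['website'] = 'Website must be an http or https URL';
    } else {
        $clean['website'] = filter_var($url, FILTER_SANITIZE_URL);
    }

    // FILTER_FLAG_IPV4 / FILTER_FLAG_IPV6 restrict the address family.
    $ip = filter_var(field($input, 'ip'), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false) {
        $errors['ip'] = 'IPv4 address required';
    } else {
        $clean['ip'] = $ip;
    }

    return array('errors' => $errors, 'clean' => $clean);
}

// Constructed sample submission: two fields pass, two are rejected.
print_r(validate_form(array(
    'email'    => ' user@example.com ',
    'quantity' => '0',
    'website'  => 'ftp://example.com/file',
    'ip'       => '2001:db8::1',
)));
```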

Author: Clay Lua

Top 10 Qualities of The Perfect Programmer

1. Intellect – can understand the problem, translate and express ideas in clear and readable code, has analytical and logical mind.

2. Personality – has right mixture of personal traits like detail-oriented, creative, flexible, disciplined, sociable, independent etc.

3. Expertise – knowledge and experience for solving client’s problems in the specific context with chosen technologies.

4. Motivation – cares about work, shows enthusiasm, interest and love for programming.

5. Maturity – knows and uses sound software development principles, practices and approaches as agile, design and architecture patterns, domain-driven design, unit testing, refactoring.

6. Pragmatism – understands what is possible, loves simplicity and avoids over-engineering; understands business goals, keeps touch with reality and focus on what should be done.

7. Cooperation – listens, accepts that other people could have better ideas, supports team goals without hidden agenda, shares ideas and knowledge and coach others.

8. Communication – effectively communicates and exchanges ideas, supports knowledge and decisions about the system with clear explanations, justifications and answers.

9. Potential – has professional goals, good learning skills, curiosity, adaptability and performs constant self correction.

10. Vision – sees the big picture, understands context, trends and people, aligns actions with team and company implicit goals, contributes into building shared vision for the software system.

Format PHP files for neat lines / code placement

PHP code files work in the background to power many websites and blogs (including tothepc). For website visitors PHP code does not matter, but ask a website developer. Proper formatting of lines in a PHP file helps in easy editing and searching for specific code. Beautify PHP is an online tool to clean up PHP code formatting.

Beautify PHP Code


Click the browse button to select a PHP code file on your computer. Select an option, plain or highlighted output, and click the beautify button to see the PHP code in a neat, properly arranged format. Beautify PHP for sure is a very handy online tool for quick formatting of PHP code files, what say coders?

Author: Davinder

5 ways to write horribly ugly php code

Editor’s note: Yes, this post is just a little joke. Sometimes us developers just need to vent a little bit. Please don’t actually follow the advice in this post, kittens will die if you do.

Writing quality code these days is overrated. Why learn how to write proper php and coding when you can pick up a few tutorials online and start churning out security prone vomit code? Don’t let the professional developers fool you, the only reason they don’t write crappy code is because they have nothing better to do with their time! You have places to be don’t you? So why the hell would you spend so much time learning how to properly use php‽ It’s insane!

1. Don’t worry about errors, suppress them!
Headers already sent? Screw you computer! I’ll tell you about my headers and errors! Instead of turning on error reporting while in development, just turn it off completely. This way you probably won’t have to worry about any annoying errors or things of that nature. If you do happen to get one of those annoying errors, simply suppress it with the @ suppressor. Stick that in front of every function call and your code should have no errors at all!

If you still can’t figure out why you are getting errors, try rearranging the order of your code, putting things and function calls into different conditional statements. Don’t worry about any of the logic getting screwed up, someone else can fix that.

2. Use indecipherable variable and function names
Why spend and waste extra time making up and writing function and variable names when you can get right to the point? It’s not like anyone but you will ever read your code, and hell, you will surely remember!

Instead of something like this:

<?php
$user_name = try_user_login();//generic function call
?>

Try something like this:

<?
$a = z();//generic function call
?>

Notice that we also saved some space by using short tags! Hell yea! Which brings me to my next point…

3. Use server specific settings
Always use short tags when writing with php. It doesn’t matter if it might not work on some poor soul’s server without changing some configuration file, they’re too dumb to know that short tags are teh best! Also be sure to never use the php echo function, instead use the short echo tags like so:

<?=$narwhalBaconsMidnight; ?>

4. Don’t comment anything!
Why waste time explaining why a certain class or method does what it does? Hell, we don’t even care what a class is! Save your time by not commenting anything, if someone else can’t figure out what you were trying to do, it’s not your fault, they’re just ignorant.

5. Drop those curly brackets!
Stop wasting so much space and so many lines when you’re writing php. Technically, the curly braces aren’t required for control structures, so there must not even be any point to them! Get rid of them now!

<?php
if($bacon === true)
    $vegan = false;
    generic_function_call();//May or may not get called, it's more fun that way!
?>

Follow these steps and you are on your way to losing your job and becoming an art major. Best of luck!

Author: Drew Douglass

Dynamically Change Width and Height in embed code

In a recent project I was working on we had to allow the client to embed videos within the site. This had to be done using an easy-to-use customized CMS. The thought is that they can take the embed code right off the YouTube site and save it to the DB for use throughout the site.

YouTube’s default dimensions for a video are 480 x 295, but what if you need a different size of video? Obviously we don’t want to have the client fiddling around with the embed code changing the width and height attributes; so this is where I turned to using regular expressions in PHP. Take a look!

Let’s pretend the following source is what we would like to modify and it is stored in a $youtube variable:

$youtube = <<<EOF
<object width="480" height="295">
<param name="movie"
value="http://www.youtube.com/v/Xq-HRHMEmfg&hl=en&fs=1"></param>
<param name="allowFullScreen" value="true"></param>
<param name="allowscriptaccess" value="always"></param>
<embed src="http://www.youtube.com/v/Xq-HRHMEmfg&hl=en&fs=1"
type="application/x-shockwave-flash" allowscriptaccess="always"
allowfullscreen="true" width="480" height="295"></embed>
</object>
EOF;

Fixing the Problem

How can we change the width and height attributes throughout this code? There are probably numerous ways, but none quite as easy as using regular expressions. If you are unfamiliar with the basics of regular expressions I suggest checking out Regular-Expressions.info.

A PHP function that makes use of regular expressions is “preg_replace”. It allows you to use regular expressions to replace whatever matches. More details on the function can be found at PHP.NET

Creating The Function

We will be creating a function that allows you to resize any mark-up and not just YouTube videos. It will allow you to modify an element’s width and height attributes as well as change any inline styling. Below is what we get:


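function resizeMarkup($markup, $dimensions)
{
	// a missing key means "leave that dimension unchanged";
	// the cast to int ensures nothing but digits reaches the markup
	$w = isset($dimensions['width']) ? (int) $dimensions['width'] : 0;
	$h = isset($dimensions['height']) ? (int) $dimensions['height'] : 0;

	$patterns = array();
	$replacements = array();
	if( !empty($w) )
	{
		// attribute form (width="480") and inline style form (width:480)
		$patterns[] = '/width="([0-9]+)"/';
		$patterns[] = '/width:([0-9]+)/';

		$replacements[] = 'width="'.$w.'"';
		$replacements[] = 'width:'.$w;
	}

	if( !empty($h) )
	{
		$patterns[] = '/height="([0-9]+)"/';
		$patterns[] = '/height:([0-9]+)/';

		$replacements[] = 'height="'.$h.'"';
		$replacements[] = 'height:'.$h;
	}

	return preg_replace($patterns, $replacements, $markup);
}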

The most difficult part of the above to understand is probably the ([0-9]+) part. Let me break it down:

  1. () – wrap the value that we want to replace
  2. [0-9] – any number between and including 0 and 9
  3. + – one or more occurrences

Using the function:

We can then dynamically change the size based on the query string (?width=228&height=178)

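// isset() avoids a warning when the parameter is absent; 0 leaves the dimension unchanged
$width = isset($_GET['width']) ? intval($_GET['width']) : 0;
$height = isset($_GET['height']) ? intval($_GET['height']) : 0;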

$youtube = resizeMarkup($youtube, array(
'width'=>$width,
'height'=>$height
));
echo $youtube;

Another little feature I should quickly point out is that you don’t have to pass both height and width. For example if you want a div to dynamically change its width but stay a fixed height (YouTube caption), you can do the following:


$width = isset($_GET['width']) ? intval($_GET['width']) : 0;

$caption = <<<EOF
<div style="background:#F8EBD7;border:1px solid
444;text-align:center;width:500px;height:50px;">
commandN Episode #170
</div>
EOF;

$caption = resizeMarkup($caption, array(
'width'=>$width
));
echo $caption;

In this case, the div will remain 50px high but its width will be changed by the query string (?width=228)

Conclusion

We now have a re-usable function that allows us to use many different sizes of the same YouTube clip without making the client tinker with any code!

Author: Brenley Dueck
