AJAX & Prototype Page 3 - Completing a User-Defined CSS Website with PHP
Note that AJAX made a request to css.php in this line (see details on the previous page):

    new Ajax.Request("/cssajax/css.php",

The goals of css.php are twofold: receive the POST request and sanitize the inputs, and output the sanitized request to HTML (the CSS/style).

The first thing you need to do is ensure that the fields are not empty. This can be done by:

    <?php
    if (!empty($_POST["backgroundcolor"]) && !empty($_POST["fontcolor"])) {
        // fields are not empty, process the form
    } else {
        // fields are empty, die.
        die();
    }
    ?>

This will prevent any accident or server issue from causing the form to be processed when it is empty. It also prevents someone from trying to play with the forms.

If the form is not empty, the next thing you need to do is receive the POST values and remove spaces in the strings. This can be done by:

    $backgroundcolor = trim($_POST["backgroundcolor"]);
    $fontcolor = trim($_POST["fontcolor"]);

The PHP trim() function removes whitespace from the beginning and end of a string.

To prevent someone from playing with the forms, we will validate the inputs very carefully. One of the most important parameters to check is the number of characters in the string. All color code strings should contain 7 characters. The PHP strlen() function counts the characters in a string. So the character count validation lines will be:

    $backgroundcolorcount = strlen($backgroundcolor);
    $fontcolorcount = strlen($fontcolor);

Another important parameter that you need to check is the first character of the string. The color code should begin with the # symbol, such as: #6F3500

So to validate this parameter, you need to have PHP return the first character of each color code string received from the POST. Below are the validation lines:

    $str1 = $backgroundcolor;
    $str2 = $fontcolor;
    $firstbackgroundcolor = $str1[0];
    $firstfontcolor = $str2[0];

At this moment, you have done the following:
One of the remaining important parameters to validate is the rest of the string: the characters after the # should be alphanumeric. So for example, in this color code: #6F3500, you need to determine whether or not 6F3500 is alphanumeric. This will eliminate any possibility of injecting unwanted inputs into the form.

To validate this parameter, have PHP extract the second through the seventh characters using the PHP substr() function. With an offset of -6, substr() returns the last six characters, which are the second through seventh characters of a 7-character string. So it will be:

    $alnumbackgroundcolor = substr($backgroundcolor, -6);
    $alnumfontcolor = substr($fontcolor, -6);

So for example, supposing the input variables have the following values:

    $backgroundcolor = "#CFFFFF";
    $fontcolor = "#6F3500";

The function will return:

    $alnumbackgroundcolor = "CFFFFF";
    $alnumfontcolor = "6F3500";

So in short, it will remove the # character.
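
The checks described above (trim, length of 7, leading #, alphanumeric remainder) combined into one function and run over several inputs, as an added example that is not code from the original article. The helper name validate_color_code(), the string-type guard, the use of ctype_alnum() and ctype_xdigit(), the optional hex-only mode and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; validate_color_code() is a hypothetical helper name.
function validate_color_code($raw, bool $hexOnly = false): ?string
{
    // A field submitted as name[]=... arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);

    // Check length before indexing: a whitespace-only field passes
    // empty() but trims to "", where $value[0] does not exist.
    if (strlen($value) !== 7 || $value[0] !== '#') {
        return null;
    }
    $rest = substr($value, -6); // characters 2 through 7

    // Article's rule: alphanumeric. Assumed stricter option: hex digits only.
    $ok = $hexOnly ? ctype_xdigit($rest) : ctype_alnum($rest);
    return $ok ? $value : null;
}

// Constructed sample inputs (not from the article).
$samples = [
    '#6F3500',    // well-formed color code
    ' #CFFFFF ',  // surrounding spaces, removed by trim()
    '   ',        // whitespace only
    '6F3500#',    // 7 characters, # in the wrong place
    '#6F350',     // 6 characters
    '#ZZZZZZ',    // alphanumeric but not hexadecimal
    '#ff;}a{',    // 7 characters containing CSS punctuation
    ['#6F3500'],  // array instead of string
];

foreach ($samples as $sample) {
    $shown = is_string($sample) ? "'" . $sample . "'" : gettype($sample);
    $alnum = validate_color_code($sample) === null ? 'reject' : 'accept';
    $hex   = validate_color_code($sample, true) === null ? 'reject' : 'accept';
    printf("%-14s alnum: %-7s hex-only: %s\n", $shown, $alnum, $hex);
}
```

Only the value returned by the function should be written into the generated style; the '#ZZZZZZ' input shows where the alphanumeric rule and the hex-only rule differ.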