 PHP Page 3 - PHP Programs to Prevent MySQL Injection or HTML Form Abuse |
Validating Numeric Input - PHPIt has been known for a while that if a form is unsecured, malicious code in the form of a MySQL injection will be initiated to attack the site. HTML forms such as drop down menus, search boxes and check boxes are all susceptible entry points for this type of abuse. This article will explain what happens in this kind of attack, and how to prevent it.
print this article SEARCH DEV SHED |
The script below validates whether the input is a valid number from 0.001 to infinity. It's worth noting, however, that in a PHP program you can even allow a certain range of numbers to be used. Using this validating script ensures that input to that form is a number and nothing else. Suppose that in your program there are three numeric variables; you will need to validate them, and we will name them num1, num2 and num3: <?php //Validate numerical input if($_POST['num1'] >= 0.001 && $_POST['num2'] >= 0.001 && $_POST['num3'] >= 0.001) { } else { } ?> The AND condition can be extended to accommodate more than three numbers. So if you have 10, you will just need to expand the AND statements. This can be used to validate a form that accepts only numbers, such as contract numbers, license numbers, telephone numbers, etc.
blog comments powered by Disqus |
Oracle Announces New MySQL Specialization
