
Validating Numeric Input - PHP

It has long been known that an unsecured form can be used to launch a MySQL injection attack against a site. HTML form elements such as drop-down menus, search boxes and check boxes are all susceptible entry points for this type of abuse. This article explains what happens in this kind of attack and how to prevent it.

TABLE OF CONTENTS:
  1. PHP Programs to Prevent MySQL Injection or HTML Form Abuse
  2. The Flow of User Input (Without Validation)
  3. Validating Numeric Input
  4. Validating Text and Email Input
By: Codex-M
January 07, 2009


The script below checks that each input is a valid number from 0.001 to infinity. In a PHP program you can also restrict the input to a certain range of numbers. Using this validating script ensures that input to that form is a number and nothing else.

Suppose your program has three numeric variables that need to be validated, named num1, num2 and num3:


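<?php

//Validate numerical input

//True only when the value is numeric and at least 0.001.
//The is_numeric() check is needed because a bare >= comparison also passes strings such as "5abc".
function valid_number($value)
{
    return is_numeric($value) && $value >= 0.001;
}

if(valid_number($_POST['num1'] ?? null) && valid_number($_POST['num2'] ?? null) && valid_number($_POST['num3'] ?? null))
{
    //All three inputs are numbers: continue processing the form
}
else
{
    //At least one input is missing or not a number: reject the form
}

?>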


The AND condition can be extended to accommodate more than three numbers. So if you have 10, you will just need to expand the AND statements.

This can be used to validate a form that accepts only numbers, such as contract numbers, license numbers, telephone numbers, etc.
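
The range restriction mentioned above, as an added example that is not part of the original article: it uses PHP's filter_var() with FILTER_VALIDATE_FLOAT so that a number followed by extra text is rejected before the range check runs. The helper validate_number(), the upper bound of 1000000 and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. validate_number() is a hypothetical helper.

/**
 * Return the input as a float when it is a number within [$min, $max];
 * return null for anything else (missing field, array, text, out of range).
 */
function validate_number($raw, float $min = 0.001, float $max = PHP_FLOAT_MAX): ?float
{
    if (!is_string($raw)) {
        return null;                 // missing field, or an array such as num1[]=1
    }
    // FILTER_VALIDATE_FLOAT fails on any string that is not entirely a number
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT);
    if ($value === false || !is_finite($value)) {
        return null;
    }
    return ($value >= $min && $value <= $max) ? $value : null;
}

// Constructed sample submissions standing in for $_POST
$samples = [
    ['num1' => '12.5',   'num2' => '0.001',    'num3' => '300'], // all in range
    ['num1' => '12.5',   'num2' => '5 OR 1=1', 'num3' => '300'], // text after a number
    ['num1' => '12.5',   'num2' => '0',        'num3' => '300'], // below the minimum
    ['num1' => ['12.5'], 'num2' => '1',        'num3' => '300'], // array instead of string
    ['num1' => '12.5',   'num2' => '1'],                         // num3 missing
];

foreach ($samples as $i => $post) {
    $clean = [];
    foreach (['num1', 'num2', 'num3'] as $field) {
        $clean[$field] = validate_number($post[$field] ?? null, 0.001, 1000000);
    }
    // Accept the form only when every field produced a float
    $ok = !in_array(null, $clean, true);
    echo "sample $i: ", $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

Later code should use the floats in $clean rather than reading the raw $_POST strings again.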



 
 