
Taking Advantage of PEAR: Validate - PHP

In this conclusion to a three-part series on secure PHP programming, you'll learn how to validate inputs, handle hashing, use the MCrypt package, and more. This article is excerpted from chapter 21 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

By: Apress Publishing
August 26, 2010

While the functions described in the preceding section work well for stripping potentially malicious data from user input, what if you want to verify whether the provided data is a valid e-mail address (syntactically), or whether a number falls within a specific range? Because these are such commonplace tasks, a PEAR package called Validate can perform these verifications and more. You can also install additional rules for validating the syntax of localized data, such as an Australian phone number, for instance.

Installing Validate

To take advantage of Validate's features, you need to install it from PEAR. Therefore, start PEAR and pass along the following arguments:

%>pear install -a Validate-0.6.5

--------------------------------------------
Starting to download Validate-0.6.5.tgz (16,296 bytes)
......done: 16,296 bytes
downloading Date-1.4.6.tgz ...
Starting to download Date-1.4.6.tgz (53,535 bytes)
...done: 53,535 bytes
install ok: channel://pear.php.net/Date-1.4.6
install ok: channel://pear.php.net/Validate-0.6.5
--------------------------------------------

The -a will result in the optional package dependency Date also being installed. If you don't plan on validating dates, you can omit this option. Also, in this example the version number is appended to the package; this is because at the time this was written, Validate was still in a beta state. Once it reaches a stable version there will be no need to include the version number.

Validating a String

Some data should consist only of numeric characters, alphabetical characters, a certain range of characters, or maybe even all uppercase or lowercase letters. You can validate such rules and more using Validate's string() method:

<?php
    // Include the Validate package
    require_once "Validate.php";

    // Retrieve the provided username (empty string if the field is missing)
    $username = isset($_POST['username']) ? $_POST['username'] : '';

    // Instantiate the Validate class
    $validate = new Validate();

    // Determine if the username is valid: letters only, 3 to 15 characters
    if ($validate->string($username, array("format" => VALIDATE_ALPHA,
                          "min_length" => "3", "max_length" => "15")))
        echo "Valid username!";
    else
        echo "The username must consist of 3 to 15 alphabetical characters!";
?>

Validating an E-mail Address

Validating an e-mail address's syntax is a fairly difficult matter, requiring the use of a somewhat complex regular expression. The problem is compounded by most users' lack of understanding regarding what constitutes a valid address. For example, which of the following three e-mail addresses are invalid?

john++ilove-pizza@example.com

john&sally4ever@example.com

i.brake4_pizza@example.co.uk

You might be surprised to learn they're all valid! If you don't know this and attempt to implement an e-mail validation function, it's possible you could prevent a perfectly valid e-mail address from being processed. Why not leave it to the Validate package? Consider this example:

<?php
    // Include the Validate package
    require_once "Validate.php";

    // Retrieve the provided e-mail address (empty string if the field is missing)
    $email = isset($_POST['email']) ? $_POST['email'] : '';

    // Instantiate the Validate class
    $validate = new Validate();

    // Determine if address is valid
    if ($validate->email($email))
        echo "Valid e-mail address!";
    else
        echo "Invalid e-mail address!";
?>

You can also determine whether the address domain exists by passing the option check_domain as a second parameter to the email() method, like this:

$validate->email($email, array("check_domain" => 1));
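
The comparison below is an added example, not code from the book. It runs the three addresses quoted above through a hand-written pattern (constructed here to stand in for the kind of home-grown check the text warns about) and through Validate's email() method, and escapes each address before printing, because a syntactically valid address can contain characters such as & that are significant in HTML. It assumes Validate is installed as described earlier; the name checked_email() and the pattern are illustrative.

```php
<?php
// Added example: home-grown pattern versus Validate::email()
// on the three addresses from the text.
require_once "Validate.php";

// Constructed, hypothetical pattern of the home-grown kind: its character
// class has no "+" or "&", so it cannot match local parts containing them.
$naivePattern = '/^[a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,3}$/i';

/**
 * Return the address if Validate accepts its syntax, otherwise null.
 * Non-string input (a missing field, an array from "email[]=") is rejected
 * before it reaches the validator.
 */
function checked_email($input)
{
    if (!is_string($input) || $input === '') {
        return null;
    }
    $validate = new Validate();
    return $validate->email($input) ? $input : null;
}

// The three sample addresses quoted in the article.
$samples = array(
    'john++ilove-pizza@example.com',
    'john&sally4ever@example.com',
    'i.brake4_pizza@example.co.uk',
);

foreach ($samples as $address) {
    $naive = preg_match($naivePattern, $address) === 1;
    $valid = checked_email($address) !== null;

    // Validation answers "is this an address?", not "is this safe to print?".
    // Escape for the output context (HTML here) regardless of the result.
    printf(
        "%s naive=%s validate=%s<br>\n",
        htmlspecialchars($address, ENT_QUOTES, 'UTF-8'),
        $naive ? 'accept' : 'reject',
        $valid ? 'accept' : 'reject'
    );
}
?>
```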
