Re: Validate Radio Buttons? [message #182380 is a reply to message #182378] |
Thu, 01 August 2013 21:53 |
bill
Messages: 310 Registered: October 2010
On 2013-08-01 5:25 PM, Jerry Stuckle wrote:
> On 8/1/2013 4:47 PM, Twayne wrote:
>> On 2013-07-31 5:37 PM, Denis McMahon wrote:
>>> On Wed, 31 Jul 2013 15:07:17 -0400, Jerry Stuckle wrote:
>>>
>>>> On 7/31/2013 2:20 PM, Twayne wrote:
>>>
>>>> > Should one Validate Radio Buttons for an online website contact form?
>>>
>>>> Good practice means you ALWAYS validate ALL information from the user.
>>>> You may have a radio button on your form - but there is no guarantee
>>>> the request comes on from your form.
>>>
>>> As a follow up to Jerry, radio buttons and select lists are probably the
>>> easiest elements to validate in the server side code because, by
>>> definition, you expect them to be one of a discrete set of values,
>>> and if they're not a member of that set of values, then someone is
>>> playing silly buggers.
>>
....
>
> If you don't use the data before validating it, there isn't much bad
> data can do (other than maybe a buffer overrun - which would be an
> Apache/PHP problem).
Ah! Agreed; had a short black-out there! Understood.
>
>> Today I wrote a couple of functions to check things with; one for
>> nearly all data and a slightly less stringent one to allow a URL to
>> appear within a textarea.
>> the major commonly used function consists of
>> --------------
>> function checkIt_1($data) {
>>     $data = trim($data);
>>     $data = stripslashes($data);
>>     $data = strip_tags($data);
>>     $data = htmlspecialchars($data);
>>     return $data;
>> }
>> -------------
>
> Why are you calling stripslashes()? You should have magic_quotes_gpc()
> off (for years now), which makes this function unnecessary (and
> potentially harmful by removing slashes it shouldn't).
Magic quotes are off; thanks for the tip. I've misunderstood something
there so I'll go recheck what stripslashes does.
>
> I'm not sure why you would want to strip the tags then encode the html
> characters, but whatever suits your needs.
>
>> With that I'm still able to read any munged text due to the function
>> although if the visitor saw it it might be pretty confusing to him. It's
>> not an issue to me though. I even run the functions on my SESSIONs data
>> when I call it in, just in case it somehow was tainted.
>>
>
> Should not be necessary on your $_SESSION array, since that never leaves
> the server. You will get back exactly what you store there.
>
>> So ... if I applied that function or one similar to it, would you
>> say I've made a step in the right direction or have I wasted my time?
>>
>
> Radio buttons need different validation - just check to see if the value
> is one of the valid ones for that particular button.
Ah, finally; I did something right!
>
>> Is the stripslashes worth the machine cycles or does it just waste
>> time?
>> I've also thought about using htmlentities but it seems a little
>> redundant. Yes?
>>
>
> See previous comments. The question is - what exactly are you trying to
> accomplish?
>
.... there's SO much junk around it's sometimes pretty
>> difficult to tell whether an author knows what he's talking about or not.
>>
>
> Yes, there are a lot of bad tutorials, recommendations and other
> documents available on the 'net - much more than there is good
> documentation.
>
>>>
....
>>>
>>
>> Arrays are probably a good idea but for me if they're not straight-up
>> 1-dimensional arrays I get easily mixed up keeping track of their
>> contents. Last time I tried I ended up leaving some holes that even I
>> knew better than to do <grin>.
>>
>
> A one-dimensional array is fine for this, and is an easy way to validate
> the value in a radio button.
>
Regards,
Twayne
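As an added example (not Twayne's or Jerry's code, and not from the thread), here is what the two pieces of advice above look like side by side in PHP: a whitelist check for a radio button using a plain one-dimensional array and a strict in_array(), and a free-text cleaner that drops the stripslashes() call since magic quotes are off. The field name contact_method and its allowed values are assumptions made up for the example, and the sample submissions stand in for $_POST.

```php
<?php
// Added example, not code from the thread. Shows whitelist validation of a
// radio button against a 1-D array, and a text cleaner without stripslashes().

// Allowed values for the hypothetical "contact_method" radio group.
const CONTACT_METHODS = ['email', 'phone', 'post'];

/**
 * Return the submitted radio value if it is one of the allowed ones,
 * otherwise null. A missing key means no button was checked; a value that
 * is not a string (e.g. contact_method[] submitted as an array) is rejected
 * as well, since a radio button can never produce one.
 */
function validateRadio(array $input, string $field, array $allowed): ?string
{
    if (!isset($input[$field]) || !is_string($input[$field])) {
        return null;
    }
    // Strict comparison so that '0', '', and similar are not coerced to
    // match an allowed value by accident.
    return in_array($input[$field], $allowed, true) ? $input[$field] : null;
}

/**
 * Cleaner for free text destined for an HTML page. No stripslashes():
 * with magic_quotes_gpc off there is nothing to strip, and the call would
 * silently eat legitimate backslashes. Escaping is done once, for output.
 */
function cleanText(string $data): string
{
    $data = trim($data);
    $data = strip_tags($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['contact_method' => 'email'],      // valid member of the set
    ['contact_method' => 'fax'],        // not in the set: someone edited the form
    [],                                 // nothing checked
    ['contact_method' => ['email']],    // array smuggled in instead of a string
];

foreach ($samples as $i => $post) {
    $method = validateRadio($post, 'contact_method', CONTACT_METHODS);
    if ($method === null) {
        echo "sample $i: rejected\n";
        continue;
    }
    echo "sample $i: accepted '$method'\n";
}

// The text cleaner on a constructed textarea value.
echo cleanText("  O'Brien <b>said</b> \"hi\"  "), "\n";
```

Only the first sample is accepted; the other three are rejected without the value ever being used, which is the point Jerry makes about validating before use. Note that the radio value is never run through cleanText(): once it has matched the whitelist exactly, there is nothing left to sanitise.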