PHP 5 Advanced: Visual QuickPro Guide | Page 3

home / programming / php / php5-advanced

[previous]

UNIX Systems Administrator (IL)
Next Step Systems
US-IL-Chicago

Post A Job | Post A Resume

Developer News

OpenOffice 3.2 Lands Amid Critical Changes

Red Hat, IBM Firmly in KVM Virtualization Camp

Red Hat Talks Up Open Source Cloud Plans

Security Techniques

Script 4.1. This page both displays a registration form and processes it. The script validates the submitted data using various functions, and then reports any errors.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <title>Registration Form</title>
</head>
<body>
<?php # Script 4.1 - register.php

/*  This page creates a registration form
 *  which is then validated using various functions.
 */

if (isset($_POST['submitted'])) { // Handle the form.

// Store errors in an array:
    $errors = array();

// Check for non-empty name:
    if (!isset($_POST['name']) OR empty($_POST['name'])) {
        $errors[] = 'name';
    }

// Validate the email address using eregi():
    if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$',
$_POST['email'])) {
        $errors[] = 'email address';
    }

// Validate the password using ctype_alnum():
    if (!ctype_alnum($_POST['pass'])) {
        $errors[] = 'password';
    }

// Validate the date of birth using check_date():
if (isset($_POST['dob']) AND
(strlen($_POST['dob']) >= 8) AND
(strlen($_POST['dob']) <= 10) ) {

// Break up the string:
    $dob = explode('/', $_POST['dob']);

// Were three parts returned?
    if (count($dob) == 3) {

// Is it a valid date?
        if (!checkdate((int) $dob[0], (int) $dob[1], (int) $dob[2])) {
            $errors[] = 'date of birth';
        }

} else { // Invalid format.
        $errors[] = 'date of birth';
    }

} else { // Empty or not the right length.
    $errors[] = 'date of birth';
}

// Validate the ICQ number using ctype_digit():
if (!ctype_digit($_POST['icq'])) {
    $errors[] = 'ICQ number';
}

// Check for non-empty comments:
if (!isset($_POST['comments']) OR empty($_POST['comments'])) {
    $errors[] = 'comments';
}

if (empty($errors)) { // Success!

// Print a message and quit the script:
    echo '<p>You have successfully registered (but not really).</p></body></html>';
    exit();

} else { // Report the errors.

echo '<p>Problems exist with the following field(s):<ul>';

foreach ($errors as $error) {
        echo "<li>$error</li>\n";
    }

echo '</ul></p>';

}

} // End of $_POST['submitted'] IF.

// Show the form.
?>
<form method="post">
<fieldset>
<legend>Registration Form</legend>
<p>Name: <input type="text" name="name" /></p>
<p>Email Address: <input type="text" name="email" /></p>
<p>Password: <input type="password" name="pass" /> (Letters and numbers only.)</p>
<p>Date of Birth: <input type="text" name="dob" value="MM/DD/YYYY" /></p>
<p>ICQ Number: <input type="text" name="icq" /></p>
<p>Comments: <textarea name="comments" rows="5" cols="40"></textarea></p>

</body>
</html>

TIPS

If possible, use the POST method in your forms. POST has a limitation in that the resulting page cannot be bookmarked, but it is far more secure and does not have the limit on transmittable data size that GET does. If a user is entering passwords, you really must use the POST method lest the password be visible.
Placing hidden values in HTML forms can be a great way to pass information from page to page without using cookies or sessions. But be careful what you hide in your HTML code, because those hidden values can be seen by viewing a page's source. This technique is a convenience, not a security measure.
Similarly, you should not be too obvious or reliant upon information PHP passes via the URL. For example, if a homepage.php page requires receipt of a user ID—and that is the only mandatory information for access to the account—someone else could easily break in (e.g., www.example.com/userhome.php?user=2 could quickly be turned into www.example.com/userhome.php?user=3, granting access to someone else's information).

Using Captcha

Popular in many of today's forms is captcha, short for "completely automated public Turing test to tell computers and humans apart" (now that's an acronym!). A captcha test displays an image with a word or some letters written in it, normally in a nonlinear fashion. In order to successfully complete the form, the text from the image has to be typed into a box. This is something a human user could do but a bot could not.

If you do want to add this feature to your own sites, using the PEAR Text_CAPTCHA package would be the easiest route. Otherwise, you could generate the images yourself using the GD library. The word on the image should be stored in a session so that it can be compared against what the user typed.

The main caveat with captcha tests is that they do restrict the visually impaired from completing that form. You should be aware of this, and provide alternatives. Personally, I think that bots can be effectively stopped by just adding another input to your form, with an easy-to-answer question (like "What is 2 + 2?"). Humans can submit the answer, whereas bots could not.

home / programming / php / php5-advanced

[previous]

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Intel Whitepaper: 2010 Intel Core vPro Processors Overview
Article: Adobe Helps PHP Developers Create Rich Internet Applications
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs
Microsoft Whitepaper: Improve Communications and Collaboration

Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Micro Focus Webcast: Boosting the Impact and Effectiveness of Software Development QA and Testing
Microsoft Webcast: Simplified Access and Single Sign-On

Intel Video: 2010 Intel Core Processor Technologies
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Adobe Download: Tour de Flex Application and Explore Flex
Get Started: Create Applications Without Infrastructure Limits with the Windows Azure Platform
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us

Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Free Adobe Online Flex Training: Check Out this Video Training Course Here
Develop Cloud Applications - Get Started Now with the Windows Azure Platform
Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Join the Intel AtomDeveloper Program: Develop and sell netbook applications!
Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

The latest from WebReference.com

Browse >

Installing and Using Meeplace, the Business Review CMS · Sending an HTML and Plain Text E-newsletter with ASP.NET, Part 2 · Create Multilingual Web Sites with Windows Unicode Fonts

Sitemap · Experts · Tools · Services · Email a Colleague · Contact

FREE Newsletters >

The latest from internet.com

MySql View Technique for Grouping Crosstab Column Data · Why You Need a Mobile Web Site · Tame Web Marketing with Social Media Management

URL: