PHP Validation


#1
Alex_j

    Newbie

  • Members
  • 29 posts
Hi, I need to validate this code. How can I do this? What sort of things should I include and how? Also, what would be better: client side first, then server side?

<?php

// Connect with the legacy mysql_* extension
$con = mysql_connect("localhost","db","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("db", $con);

// The posted values go straight into the SQL string, with no escaping
$sql="INSERT INTO Users (FirstName, Surname, Email)
VALUES
('$_POST[firstname]','$_POST[surname]','$_POST[email]')";

if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}

//Email Stuff

$email = $_REQUEST['email'];
// Key is 'firstName' here but 'firstname' in the INSERT above; array keys are case-sensitive
$firstName=$_REQUEST['firstName'];
$surname=$_REQUEST['surname'];
$headers="From: Someone";
$subject = "Registration";
$message = "Dear $firstName, your registration is now complete.";

// Send the mail once and branch on the result
if (mail($email,$subject,$message,$headers))
{
    header("Location: ../confirm.html");
}
else
{
    echo 'Error';
}

?>


#2
webcodez

    Programmer

  • Members
  • 149 posts
You mean you want to validate the user input? In that case you need to use PHP patterns.

#3
Programnnd

    Newbie

  • Members
  • 4 posts
I did not understand what the problem is here.
Rupert again, I'd be happy to help you effectively if I can.

#4
SoN9ne

    Programmer

  • Members
  • 129 posts
You will need to validate the user's input and make sure it is valid. You will need to run your checks on the $_POST. You are open to SQL injection so use real_escape_string. You should not use $_REQUEST....

To validate the user input I would suggest you use PHP: filter_var - Manual as it is more efficient than creating your own.

Does this cover your question?
"Life would be so much easier if we only had the source code."
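
An added example (not code from any poster in this thread) of the server-side checks post #4 points to: filter_var() on each field, with a mysqli prepared statement swapped in for escaping. The field names, name pattern, length limits and sample input are assumptions.

```php
<?php
// Added example; field names, name pattern and limits are assumptions.
function validate_registration(array $input): array
{
    $errors = [];
    $clean  = [];
    // Names: start with a letter, then letters, spaces, ' or -, max 50 chars.
    $nameRule = ['options' => ['regexp' => "/^\\p{L}[\\p{L} '\\-]{0,49}\\z/u"]];
    foreach (['firstname', 'surname'] as $field) {
        // is_string() rejects array input such as firstname[]=x.
        $value = is_string($input[$field] ?? null) ? trim($input[$field]) : '';
        if (filter_var($value, FILTER_VALIDATE_REGEXP, $nameRule) === false) {
            $errors[$field] = 'invalid name';
        } else {
            $clean[$field] = $value;
        }
    }
    // An address containing CR/LF fails FILTER_VALIDATE_EMAIL, so it cannot
    // add header lines when passed to mail().
    $email = is_string($input['email'] ?? null) ? trim($input['email']) : '';
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email';
    } else {
        $clean['email'] = $email;
    }
    return [$clean, $errors];
}

// Parameterised INSERT (mysqli prepared statement, used here in place of
// escaping): a valid name like O'Brien still contains a quote.
function insert_user(mysqli $db, array $clean): bool
{
    $stmt = $db->prepare('INSERT INTO Users (FirstName, Surname, Email) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sss', $clean['firstname'], $clean['surname'], $clean['email']);
    return $stmt->execute();
}

// Constructed sample input, not taken from the thread.
$sample = [
    'firstname' => ['x'],
    'surname'   => "O'Brien",
    'email'     => "a@example.com\r\nBcc: b@example.com",
];
[$clean, $errors] = validate_registration($sample);
print_r(['clean' => $clean, 'errors' => $errors]);
```

Call insert_user() and mail() only when $errors is empty; client-side checks can sit in front of this for usability, but they do not replace it.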