php - In Which Order Do I Deal With User Inputs To My Webform?
Q1. Do I validate user inputs first, then sanitize them, or vice versa?
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
    if (isset($_POST['domain_email']) && isset($_POST['password']))
    {
        //Initialise variables before assigning values.
        $domain_email = $password = $user_id = "";
        $_SESSION['domain_email'] = $_SESSION['user_id'] = '';
        $domain_email = $_POST['domain_email'];
        $password = $_POST['password'];
        if (!filter_var($domain_email, FILTER_SANITIZE_EMAIL))
        {
            die("Error 1a: Input the VALID Email Address belonging to your account!");
        }
        if (!filter_var($domain_email, FILTER_VALIDATE_EMAIL))
        {
            die("Error 1b: Input the VALID Email Address belonging to your account!");
        }
        if (!filter_var($password, FILTER_SANITIZE_STRING))
        {
            die("Error 1c: Input the correct Password belonging to your account!");
        }
        function validate_input($data_input)
        {
            $data_input = trim($data_input);
            $data_input = stripslashes($data_input);
            $data_input = strip_tags($data_input); //I ADDED THIS LINE. IS IT NECESSARY OR IS THE FOLLOWING ENOUGH?: $data_input = stripslashes($data_input);
            return $data_input;
        }
        $domain_email = validate_input($domain_email);
        $password = validate_input($password);
    }
}
Q2.
    $data_input = strip_tags($data_input);
I added the above line. Is it necessary, or is the following enough:
    $data_input = stripslashes($data_input);
I need answers to all 3 of my questions. Any further advice is welcome.
EDIT: Q3. If the password has special chars like:
~ ` @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; ' " < , > . ? /
Then can the password be considered a string in PHP? I ask due to this part of my code:
    if (!filter_var($password, FILTER_SANITIZE_STRING))
    {
        die("Error 1c: Input the correct Password belonging to your account!");
    }
    function validate_input($data_input)
    {
        $data_input = trim($data_input);
        $data_input = stripslashes($data_input);
        $data_input = strip_tags($data_input); //I ADDED THIS LINE. IS IT NECESSARY OR IS THE FOLLOWING ENOUGH?: $data_input = stripslashes($data_input);
        return $data_input;
    }
    $domain_email = validate_input($domain_email);
    $password = validate_input($password);
Note the $domain_email. Can it be considered a string by having the "@"? Strings can only contain alphas and numbers. Right?
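The handling order a practitioner would use for this login form, as an added example that is not part of the original question or any posted answer. It assumes a hypothetical `users` table with `user_id`, `domain_email` and `password_hash` columns, uses an in-memory SQLite database through PDO (the pdo_sqlite extension is required) so the demo runs stand-alone, and constructs its own sample account; `handle_login` is a name chosen here, not a PHP or framework function.

```php
<?php
// Added example, not code from the original question. Order of operations for a
// login form: presence check -> minimal normalisation -> validate (reject, don't
// rewrite) -> bind into a prepared statement -> compare against a password hash ->
// escape only at output. Assumes a hypothetical `users` table (user_id,
// domain_email, password_hash) and the pdo_sqlite extension for the stand-alone demo.
declare(strict_types=1);

function handle_login(array $post, PDO $pdo): array
{
    // 1. Presence and type check. isset() alone accepts arrays (?domain_email[]=x),
    //    which would make trim() and filter_var() throw a TypeError.
    if (!isset($post['domain_email'], $post['password'])
        || !is_string($post['domain_email']) || !is_string($post['password'])) {
        return ['ok' => false, 'error' => 'Email and password are required.'];
    }

    // 2. Normalise only what is harmless to normalise: surrounding whitespace on the
    //    email. The password is used exactly as typed: no trim, stripslashes or
    //    strip_tags, because any change makes the hash comparison below fail for a
    //    correct password.
    $email = trim($post['domain_email']);
    $password = $post['password'];

    // 3. Validate instead of sanitize. FILTER_SANITIZE_EMAIL silently deletes
    //    characters and returns whatever is left; FILTER_VALIDATE_EMAIL returns
    //    false on bad input and the unchanged string on good input.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'Invalid email or password.'];
    }

    // 4. The only constraint worth putting on a password is its length. Every byte
    //    value is allowed; bcrypt (PASSWORD_DEFAULT) only uses the first 72 bytes.
    $len = strlen($password);
    if ($len < 8 || $len > 72) {
        return ['ok' => false, 'error' => 'Invalid email or password.'];
    }

    // 5. Bound parameter: the email travels separately from the SQL text, so quotes,
    //    semicolons or comment markers inside it cannot change the query.
    $stmt = $pdo->prepare('SELECT user_id, password_hash FROM users WHERE domain_email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // 6. password_verify() compares against the stored hash without timing leaks.
    //    The same error text is returned for unknown email and wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return ['ok' => false, 'error' => 'Invalid email or password.'];
    }

    // 7. Escaping is an output concern: apply it only where the email is echoed into HTML.
    return [
        'ok'         => true,
        'user_id'    => (int) $row['user_id'],
        'email_html' => htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    ];
}

// Stand-alone demo with a constructed account in an in-memory SQLite database.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, domain_email TEXT UNIQUE, password_hash TEXT NOT NULL)');

    // Constructed sample password containing the characters the question lists.
    $secret = 'p@$$\'w"o<r>d\\;--~`#%^&*()_+={}[]|:,.?/';
    $pdo->prepare('INSERT INTO users (domain_email, password_hash) VALUES (?, ?)')
        ->execute(['alice@example.com', password_hash($secret, PASSWORD_DEFAULT)]);

    $cases = [
        'correct password, untrimmed email' => ['domain_email' => ' alice@example.com ', 'password' => $secret],
        'password after strip_tags()'       => ['domain_email' => 'alice@example.com', 'password' => strip_tags($secret)],
        'password after stripslashes()'     => ['domain_email' => 'alice@example.com', 'password' => stripslashes($secret)],
        'injection attempt in email field'  => ['domain_email' => "x' OR '1'='1", 'password' => $secret],
        'email field sent as an array'      => ['domain_email' => ['alice@example.com'], 'password' => $secret],
    ];
    foreach ($cases as $label => $post) {
        $result = handle_login($post, $pdo);
        printf("%-36s %s\n", $label . ':', $result['ok'] ? 'login ok' : 'rejected (' . $result['error'] . ')');
    }
}
```

Run it with `php example.php`. The two "password after ..." cases are the point of Q2 and Q3: `strip_tags()` removes the `<r>` and `stripslashes()` removes the backslash, so a user who typed the correct password can no longer log in. A password is an opaque byte string that is hashed and never placed into SQL or HTML, so no character in it needs to be removed; the email is validated and then bound as a parameter, which is what protects the query, and `htmlspecialchars()` protects the page when the email is displayed.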