In Which Order Do I Deal With User Inputs To My Webform?


Q1. Do I validate user inputs first and then sanitize them, or vice versa?

<?php
session_start(); // $_SESSION is used below; assumed to be started here or earlier in the script.

if ($_SERVER['REQUEST_METHOD'] == "POST")
{
    if (isset($_POST['domain_email']) && isset($_POST['password']))
    {
        //Initialise variables before assigning values.
        $domain_email = $password = $user_id = "";
        $_SESSION['domain_email'] = $_SESSION['user_id'] = '';

        $domain_email = $_POST['domain_email'];
        $password = $_POST['password'];

        if (!filter_var($domain_email, FILTER_SANITIZE_EMAIL))
        {
            die("Error 1a: Input the VALID Email Address belonging to your account!");
        }
        if (!filter_var($domain_email, FILTER_VALIDATE_EMAIL))
        {
            die("Error 1b: Input the VALID Email Address belonging to your account!");
        }

        if (!filter_var($password, FILTER_SANITIZE_STRING))
        {
            die("Error 1c: Input the correct Password belonging to your account!");
        }

        function validate_input($data_input)
        {
            $data_input = trim($data_input);
            $data_input = stripslashes($data_input);
            $data_input = strip_tags($data_input); //I ADDED THIS LINE. IS IT NECESSARY OR IS THE FOLLOWING ENOUGH? : $data_input = stripslashes($data_input);

            return $data_input;
        }

        $domain_email = validate_input($domain_email);
        $password = validate_input($password);
    }
}

Q2.

$data_input = strip_tags($data_input);

I added the above line. Is it necessary or is the following enough:

$data_input = stripslashes($data_input);

I need answers to all 3 of my questions. Any further advice welcome.

EDIT: Q3. If the password has special chars like:

~ ` @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; ' " < , > . ? /

then can the password be considered a string in PHP? I ask due to this part of my code:

if (!filter_var($password, FILTER_SANITIZE_STRING))
{
    die("Error 1c: Input the correct Password belonging to your account!");
}

function validate_input($data_input)
{
    $data_input = trim($data_input);
    $data_input = stripslashes($data_input);
    $data_input = strip_tags($data_input); //I ADDED THIS LINE. IS IT NECESSARY OR IS THE FOLLOWING ENOUGH? : $data_input = stripslashes($data_input);

    return $data_input;
}

$domain_email = validate_input($domain_email);
$password = validate_input($password);

Note the $domain_email. Can it be considered a string when it contains the "@"? Strings can only contain alphas and numbers, right?
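An added example, not code from the question: it reproduces the validate_input() sanitiser above, runs it over constructed passwords built from the characters listed in Q3, and contrasts the FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL filters. It shows the risk that sanitising a password before hashing silently changes it, so a login form that sanitises rejects passwords the user actually registered with, and that the SANITIZE filters return a rewritten string rather than false.

```php
<?php
// Added example, not the asker's code. Reproduces the question's validate_input()
// sanitiser and shows its effect on passwords and on the email filters,
// using constructed sample inputs.
declare(strict_types=1);

function validate_input(string $data_input): string
{
    $data_input = trim($data_input);
    $data_input = stripslashes($data_input);
    $data_input = strip_tags($data_input);
    return $data_input;
}

// True only if a password hashed at registration time still verifies after
// the login form has run the same input through validate_input().
function survives_sanitising(string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return password_verify(validate_input($password), $hash);
}

// FILTER_SANITIZE_EMAIL returns the rewritten string, never false, so a
// "if (!filter_var($x, FILTER_SANITIZE_EMAIL))" check only fires when nothing
// is left; FILTER_VALIDATE_EMAIL is the filter that returns false when invalid.
function email_checks(string $typed): array
{
    return [
        'sanitised' => filter_var($typed, FILTER_SANITIZE_EMAIL),
        'valid'     => filter_var($typed, FILTER_VALIDATE_EMAIL),
    ];
}

// Constructed passwords using the special characters from the question.
$samples = [
    'p@ss<word>!',      // strip_tags() drops "<word>"
    'back\\slash\'q',   // stripslashes() drops the backslash
    '  spaces?  ',      // trim() drops the surrounding spaces
    'Plain#1~%^&*()_+', // nothing for the sanitiser to remove
];
foreach ($samples as $pw) {
    printf("%-22s -> %-20s login %s\n", var_export($pw, true),
        var_export(validate_input($pw), true),
        survives_sanitising($pw) ? 'still works' : 'FAILS');
}

print_r(email_checks('not an <email>'));   // constructed invalid address
print_r(email_checks('user@example.com')); // constructed valid address
```

Because a password is only ever hashed and compared, it needs no character restrictions at all; the email address is the input where validation (FILTER_VALIDATE_EMAIL on what was actually received) decides acceptance.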
