PHP:
<?php
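/**
 * Validate the title field of the posting form.
 *
 * The value is entity-encoded before any check runs, so the length limits are
 * measured in bytes of the encoded text (an "&" counts as the five bytes of
 * "&amp;"). Encoded lengths of 5 through 60 bytes are accepted.
 *
 * Security note: the returned text is escaped for an HTML body or quoted
 * attribute only. It is not safe for other contexts (SQL, URLs, JavaScript),
 * and escaping it a second time for HTML will double-encode it.
 *
 * @param mixed $value Raw, untrusted field value (normally $_POST['title']).
 *
 * @return array "error" holds a message or null; "validated_output" holds the
 *               encoded text or null. Exactly one of the two is non-null.
 */
function form_title_validate($value)
{
    // Both keys always exist, so callers never read an undefined variable.
    $return_vals = ["error" => null, "validated_output" => null];

    // A request parameter can arrive as an array (title[]=x) or be missing;
    // treat anything that is not a scalar as an empty submission instead of
    // letting htmlspecialchars() fail on it.
    if (!is_scalar($value)) {
        $value = '';
    }

    $value = htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8");
    // Every "<" is already encoded at this point, so this call finds no tags
    // to remove; it is kept so the output stays what callers already receive.
    $value = strip_tags($value);
    $value = trim($value);

    // Compare against '' rather than testing truthiness: "0" is not empty and
    // is reported as numeric below, the same as " 0 " always was.
    if ($value === '') {
        $return_vals["error"] = "The title field is empty.";
        return $return_vals;
    }

    // Reject input with no word character at all, e.g. ".", "...", " /".
    if (!preg_match('/[\w]{1,}/', $value)) {
        $return_vals["error"] = "The title field makes no sense.";
        return $return_vals;
    }

    if (is_numeric($value)) {
        $return_vals["error"] = "The title field is numeric it must be alpha-numeric.";
        return $return_vals;
    }

    $length = strlen($value);
    if ($length < 5) {
        $return_vals["error"] = "The title field is to short, It must be greater than 5 characters.";
        return $return_vals;
    }
    if ($length > 60) {
        $return_vals["error"] = "The title field is to long, It must be less than 60 characters.";
        return $return_vals;
    }

    $return_vals["validated_output"] = $value;
    return $return_vals;
}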
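/**
 * Validate the body field of the posting form.
 *
 * The value is entity-encoded before any check runs, so the length limits are
 * measured in bytes of the encoded text (an "&" counts as the five bytes of
 * "&amp;"). Encoded lengths of 5 through 12500 bytes are accepted.
 *
 * Security note: because everything is encoded first, no markup survives and
 * the result is safe to echo into an HTML body. Letting selected tags such as
 * <p> or <h1> through would need an allow-list HTML sanitizer in place of the
 * encode step; strip_tags() with an allowed-tags list is not enough on its
 * own because it leaves the attributes of the allowed tags intact.
 *
 * @param mixed $value Raw, untrusted field value (normally $_POST['body']).
 *
 * @return array "error" holds a message or null; "validated_output" holds the
 *               encoded text or null. Exactly one of the two is non-null.
 */
function form_body_validate($value)
{
    // Both keys always exist, so callers never read an undefined variable.
    $return_vals = ["error" => null, "validated_output" => null];

    // A request parameter can arrive as an array (body[]=x) or be missing;
    // treat anything that is not a scalar as an empty submission instead of
    // letting htmlspecialchars() fail on it.
    if (!is_scalar($value)) {
        $value = '';
    }

    $value = htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8");
    // Every "<" is already encoded at this point, so this call finds no tags
    // to remove; it is kept so the output stays what callers already receive.
    $value = strip_tags($value);
    $value = trim($value);

    // Compare against '' rather than testing truthiness: "0" is not empty and
    // is reported as numeric below, the same as " 0 " always was.
    if ($value === '') {
        $return_vals["error"] = "The body of this post is empty.";
        return $return_vals;
    }

    // Reject input with no word character at all, e.g. ".", "...", " /".
    if (!preg_match('/[\w]{1,}/', $value)) {
        $return_vals["error"] = "The body makes no sence.";
        return $return_vals;
    }

    if (is_numeric($value)) {
        $return_vals["error"] = "The body of your post is numeric, It must be alpha-numeric.";
        return $return_vals;
    }

    $length = strlen($value);
    if ($length < 5) {
        $return_vals["error"] = "The body of your post is to short, It must be greater than 5 characters.";
        return $return_vals;
    }
    if ($length > 12500) {
        $return_vals["error"] = "The body of your post is too long, It must be less than 12500 characters.";
        return $return_vals;
    }

    $return_vals["validated_output"] = $value;
    return $return_vals;
}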
?>
<html>
<head>
<title>Text Validation</title>
<style type="text/css">
body {
background-color: #ffffff;
color: #333;
font-family: Geneva,Arial,Helvetica,sans-serif;
}
h1 {
line-height: 1.6em;
font-size: 1.6em;
margin: 0em 0em 0em 0em;
padding: 0em 0em 0em 0em;
}
h2 {
line-height: 1.2em;
font-size: 1.2em;
margin: 0em 0em 0em 0em;
padding: 0em 0em 0em 0em;
}
label {
display: inline;
font-size: 0.8em;
margin: 2px;
}
p {
font-size: 1em;
line-height: 1.2em;
padding: 0em 0em 0em 0em;
margin: .2em 0 .6em 0;
}
ul {
font-size: 0.8em;
color: #ff4444;
margin: 0; padding: 0;
list-style: none;
}
</style>
</head>
<body>
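<?php
// Page controller: without ?validate the input form is shown; with it the
// posted fields are validated and the result is rendered.
if (!isset($_GET['validate'])) {
    echo '<h1>Input form</h1>';
    echo '<form name="input_validation" action="text_validation.php?validate" method="post">';
    echo '<p><label for="title">Title:</label><input type="text" name="title"></p>';
    echo '<p><label for="body">Body:</label><br /><textarea name="body" cols="40" rows="5"></textarea></p>';
    echo '<input type="submit" value="submit">';
    echo '</form>';
} else {
    // The URL can be opened without a POST body, so a missing field is
    // treated as an empty submission rather than read as an undefined index.
    $title = form_title_validate(isset($_POST['title']) ? $_POST['title'] : '');
    $body = form_body_validate(isset($_POST['body']) ? $_POST['body'] : '');

    echo '<h1>Output</h1>';

    // Error list: one item per field that failed. The messages are fixed
    // strings from the validators, never user input.
    echo '<ul>';
    foreach (array($title, $body) as $result) {
        if ($result['error'] !== null) {
            echo '<li>'.$result['error'].'</li>';
        }
    }
    echo '</ul>';

    // validated_output is entity-encoded by the validators, which is the only
    // reason it may be echoed here without further escaping.
    // NOTE(review): stripslashes() only makes sense where the runtime adds
    // slashes to request data; elsewhere it removes backslashes the user
    // typed. Confirm the target PHP configuration before keeping it.
    echo '<h3>'.stripslashes((string) $title['validated_output']).'</h3>';
    echo '<p>'.stripslashes((string) $body['validated_output']).'</p>';

    echo '<a href="text_validation.php">Back</a>';
}
?>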
</body>
</html>
For the body function, I would like to keep some HTML tags such as <p> and <h1> while excluding others such as <script>. Is there an easy way to implement this in the form_body_validate function?