Simple validation of a incomming contact name ..

$contact_name = trim($_POST['contact_name']);
if (!ereg("^([a-zA-Z \'-]+){5,10}$", $contact_name))
{ $errors [] = 'Enter valid contact name'; }

As you can see the name must be u/l case alpha or space, apostophe or hyphen
(I think that is all a name can be) and must be at least 5 chars and no more
than 10 (just testing).

The character validation seems ok and it picks up when there is less that 5
chars, but the max parameters doesn't seem to work at all - any ideas?

PS. Is there a routine that strips out more than one space between words, e.g
if someone entered 'John Smith', it would return 'John Smith'?,
Thanks.

patricktr wrote:
> The character validation seems ok and it picks up when there is less that 5
> chars, but the max parameters doesn't seem to work at all - any ideas?

The problem is the +. Also, you should stop using ereg, as it is being
removed from PHP 6. Use the PCRE functions instead.

> PS. Is there a routine that strips out more than one space between words, e.g
> if someone entered 'John Smith', it would return 'John Smith'?,

This will do the validation for you, and strip out extra whitespace at
the same time:

$name = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
if (!preg_match("/^[-a-z'\s]{5,10}$/i", $name)) {
$errors[] = 'Enter valid contact name';
}

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Hi David,

Thanks very much for taking the time to respond and thanks for the tip re.
ereg - I'll make a point of using preg from now on and yes the max feature is
now working. However you're testing repeatedly, it goes into a state where it
always reports an error - e.g.'Enter valid contact name: Jo O\'Kane' (the '\'
character is added by the system - see below) ?

I thought I'd twigged my own problem re. removing extra spaces when I came
across using 'explode' & 'implode' but your solution is much neater.

Would you mind explaining what is happening here as it is not obvious (to me
anyway) as I would like to be able to use this technique again but I can't
understand the statements although obviously I can see what they are doing.

PS. I the interim period I raised another query about the recording names with
an apostrophe (e.g. O'Reilly) in a db.... basically it looks as if the name
will be recorded as O\'Reilly ... any thoughts?

I'm now using this code based on what you sent me previously ...

$errors = array();
$val_cn = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
if (!preg_match("/^[-a-z'\s]{5,10}$/i", $val_cn)) {
$val_cn = stripslashes($val_cn);
$val_cn = mysql_real_escape_string($val_cn);
$cn_html = htmlentities($val_cn);
{ $errors [] = 'Enter valid contact name: ' . $val_cn . ' ' . $cn_html; } }

will yeild 'O\'Reilly'

Thanks again - great stuff.
Patrick

patricktr wrote:
> I raised another query about the recording names with
> an apostrophe (e.g. O'Reilly) in a db.... basically it looks as if the name
> will be recorded as O\'Reilly ... any thoughts?

Your server is using magic quotes, which is another feature that will be
removed entirely from PHP 6.

Either turn off magic quotes, or if it's something imposed by your
hosting company, use one of the techniques shown here:

http://docs.php.net/manual/en/securi....disabling.php

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Once again, many thanks David.

Hi David,

I have tried this and I am still getting an unexpectred error:
Joe O'Kane appears on my error message as invalid - Joe O\'Kane (11
Characters) whilst
Joe O-Kane appears as valid Joe O-Kane (10 Chars)?

I have tried both suggested scripts - my code is ...

$errors = array();
if (get_magic_quotes_gpc())
{ function undoMagicQuotes($array, $topLevel=true)
{ $newArray = array();
foreach($array as $key => $value)
{ if (!$topLevel) { $key = stripslashes($key); }
if (is_array($value)) {$newArray[$key] = undoMagicQuotes($value, false); }
else { $newArray[$key] = stripslashes($value); }
}
return $newArray;
}
$_GET = undoMagicQuotes($_GET);
$_POST = undoMagicQuotes($_POST);
$_COOKIE = undoMagicQuotes($_COOKIE);
$_REQUEST = undoMagicQuotes($_REQUEST);
}

//if (get_magic_quotes_gpc())
//{function stripslashes_deep($value)
//{ $value = is_array($value) ? array_map('stripslashes_deep', $value) :
stripslashes($value);
//return $value; }
//$_POST = array_map('stripslashes_deep', $_POST); }

$val_cn = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
$val_cn = mysql_real_escape_string($val_cn); // Just want to see the effect
of this function
$cn_html = htmlentities($val_cn); // Just want to see the effect of this
function

if (!preg_match("/^[-a-z'\s]{5,10}$/i", $val_cn))
{ $errors [] = 'Invalid contact name: ' . $val_cn . ' ' . $cn_html; }
else
{ $errors [] = 'Valid contact name: ' . $val_cn . ' ' . $cn_html; }

if (sizeof($errors) > 0)
// format and display error list
{ echo "<p class=\"val_err\"> Contact format error.</p>";
echo "<div class=\"val_err\">[BULLET]";
foreach ($errors as $e)
{ echo "[LI]$e</li>"; }
echo "</div>[/BULLET]"; }

Any help much appreciated.
Regards.
Patrick

patricktr wrote:
> $val_cn = mysql_real_escape_string($val_cn);

That line reinserts the backslash. You need to run the preg_match error
test *before* applying mysql_real_escape_string().


--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Check ... got it this time ... I think .... until the next time.
Adi?s Amigo
P.