Re: searching help !!
Author: (---.scpe.powergate.ca)
Date: 07-28-04 11:38

Hi

From your example, the input was a free-form box. Telling your users to enter a date in a specific format is sure to get some of them to enter it wrong... be safe and test for it anyway...

Sample:

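//assume input name = search

$search_string = isset($_POST['search']) ? trim($_POST['search']) : '';
$list = array();   //stays empty when the input has no space
$sql_where = '';
$msg = '';

//check for a space
if (strpos($search_string, " ") !== false) {
    $list = explode(" ", $search_string);
}
if (count($list) > 1) {

    //handle year
    //ctype_digit keeps non-numeric text out of the comparison and out of the SQL
    if ((strlen($list[0]) == 2) && ctype_digit($list[0]) && ($list[0] > 50)) {
        //check for 2 digits and value over 50 (ie 1950)
        $sql_where = $list[0] . " between start_yr and end_yr ";
    } elseif ((strlen($list[0]) == 4) && ctype_digit($list[0]) && ($list[0] > 1950)) {
        //keep the last two digits of a 4 digit year
        $sql_where = substr($list[0], 2, 4) . " between start_yr and end_yr ";
    } else {
        $msg = "data not valid";
    }//end if

    //handle car
    //test values to see if it contains bad sql (hacking attempts)
    //maybe compare to an array of car manufacturers

}//end if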
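
Added example, not part of the original post: one way to carry out the checks the sample leaves as comments, validating the year, matching the make against an allow-list of manufacturers, and passing both values as bound parameters instead of concatenating them. The names build_where, $makes, the make column and the cars table are assumptions; the year rules follow the post and assume start_yr / end_yr hold two-digit years.

```php
<?php
// Added example. build_where(), $makes, the `make` column and the `cars`
// table are assumptions; start_yr / end_yr come from the post.

function build_where(string $search, array $makes): ?array
{
    // Split on runs of whitespace; require exactly "<year> <make>".
    $parts = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);
    if (count($parts) !== 2) {
        return null;
    }
    [$year, $make] = $parts;

    // Year: digits only, either 2 digits above 50 or 4 digits above 1950.
    if (!ctype_digit($year)) {
        return null;
    }
    if (strlen($year) === 2 && (int)$year > 50) {
        $yy = (int)$year;
    } elseif (strlen($year) === 4 && (int)$year > 1950) {
        $yy = (int)substr($year, 2, 2);   // last two digits, as in the post
    } else {
        return null;
    }

    // Make: accept only values on the allow-list (case-insensitive) and
    // use the list's own spelling, never the raw input.
    $index = array_search(strtolower($make), array_map('strtolower', $makes), true);
    if ($index === false) {
        return null;
    }

    // Both values travel as bound parameters; no input reaches the SQL text.
    return [
        'sql'    => '? BETWEEN start_yr AND end_yr AND make = ?',
        'params' => [$yy, $makes[$index]],
    ];
}

// Constructed sample inputs.
$makes = ['Ford', 'Honda', 'Toyota'];
foreach (['75 ford', '1998 Toyota', "75 ford'--", 'zz honda', '1998 Yugo'] as $input) {
    $w = build_where($input, $makes);
    echo str_pad($input, 14), ' => ', $w ? json_encode($w['params']) : 'rejected', "\n";
}
// With PDO (assumed connection $pdo):
//   $stmt = $pdo->prepare('SELECT * FROM cars WHERE ' . $w['sql']);
//   $stmt->execute($w['params']);
```

Manufacturer names containing a space would need a different split rule than the two-token one used here.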

Topics                   Author    Date
searching help !!        Moses     07-26-04 20:47
Re: searching help !!    bastien   07-27-04 12:15
Re: searching help !!    Moses     07-28-04 10:50
Re: searching help !!    bastien   07-28-04 11:38
Re: searching help !!    Moses     07-29-04 09:59
Re: searching help !!    bastien   07-29-04 11:53
Re: searching help !!    Moses     07-30-04 14:27