CODEWITHSUNDEEP
javascriptphpjquery
Jamal Azizbeigi
Jamal Azizbeigi

Reputation: 303

How to prevent user for type special charecter in input box by PHP not by jQuery?

I have a form with 3 input box that show in below:

echo '<form action="" name="frm_chg_pass" method="post">';
echo '<tr ><td class="td1">Dear user</td></tr>';
echo '<tr ><td class="td1"><p>'.$prs_name."  ".$prs_family.'</td></tr>';
echo '<tr><td class="td1">you will change your pass word please be careful for keeping it  </td></tr>';
echo '<tr><td class="td1">you dont allow for type these charecter: & > < / "'."'".' ; : )= ( ] [ # } { \ .</p></td></tr>';
echo '<tr><td class="td1"><input type="text" id="id_pass_old" name="pass_old" onselectstart="return false" onpaste="return false;" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" required="required" autocomplete="off"     /></td><td class="td1"><p>Old Password</p></td>';
echo '<tr><td class="td1"><input type="password" id="id_pass_new" name="pass_new" onselectstart="return false" onpaste="return false;" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" required="required" autocomplete="off" /></td><td class="td1"><p>New Password</p></td>';
echo '<tr><td class="td1"><input type="password" id="id_pass_conf" name="pass_conf" onselectstart="return false" onpaste="return false;" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" required="required"  autocomplete="off"/></td><td class="td1"><p>Confirm new password</p></td>';
echo '<tr><td class="td1"><input type="submit" name="btn_change_pass" method="post" value="RegisterChang"/></td></tr>';
echo '</form>';

as you see I don't want user insert & > < / "' ; : ) = ( ] [ # } { \ in input box and don't use JavaScript for check it. How can I prevent type these by PHP?

Upvotes: 1

Views: 840

Answers (2)

Ensieh Parsaeian
Ensieh Parsaeian

Reputation: 110

You can do server-side validation in form's action. It should be something like this:

if (isset($_POST['submit'])) {
    if (!ctype_alnum($_POST['INPUTNAME'])) {
        $error .= 'Input data should be alpha numeric characters only.';
    }
}

Upvotes: 2

Chris Rutherfurd
Chris Rutherfurd

Reputation: 1687

Use mysqli_real_escape_string, you can find out the information on its usage at http://php.net/manual/en/mysqli.real-escape-string.php. It is built right into the MySQL extension and is designed specifically for escaping dangerous characters out of a query string prior to passing the query to the database server. Ideal solution is to use escape special character for handling the form data within the PHP logic and use mysqli_real_escape_string for handling the form data in the query string prior to passing it to the database server. As for the issue of the escaped data being passed to MySQL as a password, as long as you use the escape function during all database procedures, especially saving a password as well as verifying the password then the passwords will match even if the user is using special characters in their password, the only difference is that while the user may type in a hash or ampersand as part of their password the database safe escaped string would be used when the password is saved and each time the user types in the password and it is checked against the database it will match as long as the user supplied strings are escaped the same way.

Upvotes: 0

Related Questions