Larry Ullman's Book Forums


Hello everyone,

I have a quick question about validating checkbox values.

My checkboxes are in the following format:

<input type="checkbox" name="color[]" value="orange">orange
<input type="checkbox" name="color[]" value="blue">blue

<input type="checkbox" name="fabric[]" value="cotton">cotton
<input type="checkbox" name="fabric[]" value="wool">wool

I then check if the $_POST variables are set:

if (isset($_POST['color'])){
// perform validation
}
if (isset($_POST['fabric'])){
// perform validation
}

What would be the best way to validate $_POST['color'] and $_POST['fabric']? Should I run them through strip_tags() or FILTER_SANITIZE_STRING()? The values are then run through mysqli_real_escape_string() before they are used in a query.

Is this OK?

HartleySan, I think that you have mentioned that you set number values for checkboxes, radio buttons and the like. You then have an array such as the following:

$gender = array(1 => 'male', 'female');

But how exactly would you go about validating the inputs? Could you please provide an example?

Thank you in advance!!!

Wagtail, I think this is very closely related to this thread of yours from before:

http://www.larryullman.com/forums/index.php?/topic/2929-need-to-validate-multiple-select-menus/

Please read that whole thread again carefully, and I think you'll see the answer.

Essentially though, the same array that you use to populate your markup, you should also use for validation purposes.

And yes, I much prefer validating numbers over strings, as there is a lot less leeway and ways for the user to fudge around with the data.


Thank you for replying!

I looked at my earlier thread but I don't see the relevance. Currently I'm using strings as values for the checkboxes which is why I asked about using strip_tags() or FILTER_SANITIZE_STRING(). Perhaps strip_tags() or FILTER_SANITIZE_STRING() isn't necessary - I don't know. The other thread was about select menus which used integers as values.

If I do use integers, then I'd be grateful if you or someone else could please show me how to use an array, such as $gender below, to validate checkboxes. I am just trying to understand how this is done. A short example should suffice.

$gender = array(1 => 'male', 'female');

Thank you!


My post is still relevant.

Regardless of whether you use numbers or strings, you're still going to loop through a whitelist of values to validate the posted values.

For example:

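function validate_hobbies() {
  // Whitelist of allowed values; the same array should populate the markup.
  $hobbies = array(1 => 'basketball', 'programming', 'cooking frogs');
  $valid_hobbies = array();

  // Only an array is acceptable here; a scalar (hobbies=x) is rejected.
  if (isset($_POST['hobbies']) && is_array($_POST['hobbies'])) {
    foreach ($_POST['hobbies'] as $post_hobby) {
      foreach ($hobbies as $hobby) {
        // Strict comparison: the posted value must exactly match a whitelisted string.
        if ($post_hobby === $hobby) {
          $valid_hobbies[] = $hobby;
          break;
        }
      }
    }

    // Valid only if every posted value passed the whitelist check.
    if ($_POST['hobbies'] === $valid_hobbies) {
      return true;
    }
  }

  return false;
}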
 
Two things to note:
  1. Gender is a bad example for checkboxes because you should only be able to pick one at a time. Radio buttons are more appropriate for gender.
  2. The above function is just an example, but you'd be better to generalize the function to something like validate_checkboxes, and then pass the function a string argument that would affect which data is compared against which.
 
Just my two cents.

Thank you very much for the example. It helps me to see the actual code.

"The above function is just an example, but you'd be better to generalize the function to something like validate_checkboxes, and then pass the function a string argument that would affect which data is compared against which"

You mean if I have different checkboxes or different arrays (such as fabric, or color), I would then pass in the name of the array as a string? Sorry, functions still give me some difficulties :unsure: .

Thanks for your time.


Yes, that's exactly what I mean.

You should design your code so that a single string argument can properly determine which data you want to validate, etc.

And if you're still having trouble with functions, then you need to practice more first and read Larry's book some more.

Good luck.

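Added example, not written by any poster in this thread: one way the generalized validate_checkboxes discussed above could look, using integer checkbox values and one whitelist per group. The CHECKBOX_OPTIONS constant, the function signature and the sample submissions are assumptions made for illustration.

```php
<?php
// Whitelists keyed by field name; the integer key is what the form submits.
const CHECKBOX_OPTIONS = [
    'color'  => [1 => 'orange', 2 => 'blue'],
    'fabric' => [1 => 'cotton', 2 => 'wool'],
];

/**
 * Validate one checkbox group (hypothetical helper, not from the thread).
 * Returns the selected ids as ints, [] if nothing was ticked, or null if
 * any submitted value is malformed or not on the whitelist.
 */
function validate_checkboxes(string $field, array $post): ?array
{
    $options = CHECKBOX_OPTIONS[$field] ?? null;
    if ($options === null) {
        throw new InvalidArgumentException("Unknown checkbox group: $field");
    }
    if (!array_key_exists($field, $post)) {
        return [];                      // group left unticked
    }
    if (!is_array($post[$field])) {
        return null;                    // sent as color=1, not color[]=1
    }
    $selected = [];
    foreach ($post[$field] as $value) {
        // Digits only: rejects nested arrays, markup, signs and whitespace.
        if (!is_string($value) || !ctype_digit($value)) {
            return null;
        }
        $id = (int) $value;
        if (!isset($options[$id])) {
            return null;                // id not on the whitelist
        }
        $selected[$id] = $id;           // a repeated id counts once
    }
    return array_values($selected);
}

// Constructed submissions standing in for $_POST.
$clean    = ['color' => ['1', '2'], 'fabric' => ['2']];
$tampered = ['color' => ['1', '<b>2</b>'], 'fabric' => 'wool'];
foreach (['clean' => $clean, 'tampered' => $tampered] as $label => $post) {
    foreach (array_keys(CHECKBOX_OPTIONS) as $field) {
        $ids = validate_checkboxes($field, $post);
        echo "$label $field: ", $ids === null ? 'rejected' : implode(',', $ids), "\n";
    }
}
```

In a real request handler the second argument would be $_POST, and the markup would be generated from the same CHECKBOX_OPTIONS array so the form and the validation cannot drift apart.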