Restrict input length to the size of the DB field

A good practice when developing PHP applications that take data submitted from a form and write it to database tables is not to accept parameters longer than the fields they populate can hold. Consider, for example, a field “username” that accepts values no longer than 10 characters. In this case it is better NOT to use a syntax like this:

$username = $_POST['username'];

mysql_query("INSERT INTO utenti (username) VALUES('" . $username . "')");

It is better to check the length of the input parameter directly with the strlen() function and report an error if it is too long:

if (strlen($_POST['username']) > 10)
{
    echo "Errore!";
}else{
    // write to the database
    ...
}

or truncate the data with substr():

$username = substr($_POST['username'],0,10);

As is known, substr() takes three arguments: the string from which to extract a substring, the index of the first character of the substring (“0”), and the number of characters to extract (“10”), so in this case only the first 10 characters of the parameter are used.

As is well known, server-side checks (such as those shown here) are much safer than, and preferable to, client-side checks done with JavaScript or through the maxlength attribute of the input field.
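The server-side length check described above, as an added example that is not part of the original post: it also handles a parameter that arrives as an array or is missing, and counts characters rather than bytes. The names check_username() and USERNAME_MAX_CHARS are hypothetical, the sample requests are constructed, and it assumes the mbstring extension is loaded and that the column stores UTF-8 text with a 10-character limit.

```php
<?php
declare(strict_types=1);

const USERNAME_MAX_CHARS = 10; // the 10-character limit used in the article

/**
 * Returns the username if it fits the field, or null if it must be rejected.
 * check_username() is a hypothetical helper, not part of the original post.
 */
function check_username(array $post): ?string
{
    $value = $post['username'] ?? null;

    // A request body containing username[]=x makes this an array, and
    // strlen() on an array raises a warning or TypeError instead of checking.
    if (!is_string($value)) {
        return null;
    }
    // Reject byte sequences that are not valid UTF-8 before counting them.
    if (!mb_check_encoding($value, 'UTF-8')) {
        return null;
    }
    // strlen() counts bytes; mb_strlen() counts characters, which is what
    // a 10-character UTF-8 column actually limits (assumption, see above).
    if (mb_strlen($value, 'UTF-8') > USERNAME_MAX_CHARS) {
        return null;
    }
    return $value;
}

// Constructed sample requests standing in for $_POST.
$samples = [
    'fits'        => ['username' => 'mario'],
    'too long'    => ['username' => 'mario.rossi.1980'],
    'multibyte'   => ['username' => 'nicolòèéàù'], // 10 characters, 15 bytes
    'array value' => ['username' => ['a', 'b']],
    'missing'     => [],
];

foreach ($samples as $label => $post) {
    $username = check_username($post);
    printf("%-12s %s\n", $label, $username === null ? 'rejected' : "accepted: $username");
}
```

The 'multibyte' sample is accepted here but would be rejected by a plain strlen() comparison, and substr() on the same value could cut a character in half; mb_substr() is the character-aware equivalent when truncating.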
