|
|
Posted by Michael Fesser on 09/28/07 19:41
..oO(GarryJones)
>I am a bit lost with your answer as "ctype_digit" is new to me, but I
>will look into it.
There's also is_numeric().
>What I would really like is access type input validation where no
>other key can be pressed when user is in the "number only fields".
Can be done with JavaScript, but this is _not_ a replacement for real
server-side validation.
>So basically I am looking at two problems.
>1) Last years data to be recycled if numeric,
If users were able to insert arbitrary strings instead of numbers into
your database, then it looks like the DB design itself is broken.
Numbers should be stored in INT fields for example, not as strings.
>2) Validation now needed in number only fields.
As already said: Use simple string functions to remove any spaces from
the submitted value, then check with is_numeric() or ctype_digit().
BTW: You need validation for _all_ fields! And you have to make sure
that the data (especially string data) is properly stored in the DB
without allowing SQL injection. mysql_real_escape_string() is the
keyword here (or PDO with prepared statements).
>As for problem 1 let me explain.
>
>Each organiser has to have declared how many cyclists they had in this
>years events to be able to enter the details of their event for next
>year.
>
>The number 15 303 IS valid as they have keyed in an exact number. The
>value "ca 100" or "ca100" is not valid as I need exact numbers.
So you're storing integers? Then make the DB field of type INT UNSIGNED.
>So I need to validate the data that is already in the mysql database
>(possibly with a function?).
It should be possible to do that on the MySQL command line.
>I felt I was very close with the function
>I was using if I can just get it not to test (or ignore) the space
>between 15 and 303?
What do you want to do with the invalid values?
Micha
Navigation:
[Reply to this message]
|