- <?php
- /**
- * 24 Form Validation Snippets
- *
- * This is a group of snippets from {@link http://hungred.com/useful-information/php-form-validation-snippets/}
- * that provide useful ways to validate form data.
- *
- * This file CANNOT be used as-is because of the duplicate function names.
- * They are meant to illustrate different ways of accomplishing the same thing and
- * show alternative/better methods for some functions.
- *
- * Beyond validation, I highly recommend using PHP's PDO class and the bindParam() method
- * that provides additional SQL Injection prevention.
- */
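/**
 * Validate Email
 *
 * Checks an address against a conservative ASCII pattern: a dot-separated
 * local part, dot-separated domain labels and an alphabetic final label.
 *
 * The pattern is anchored with \A and \z. A bare "$" also matches just before
 * a trailing newline, so an address followed by a line break would have passed;
 * that matters when the value is later written into a mail header. The final
 * label accepts 2 to 63 letters so longer top-level domains are not rejected.
 *
 * @param string $email Address to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern cannot run.
 */
function isValidEmail($email){
    $pattern = '/\A[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})\z/i';

    return preg_match($pattern, $email);
}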
/**
 * Validate Email (PHP 5.2 and above)
 *
 * Hands the check to the filter extension instead of a hand-written pattern.
 *
 * @param string $email Address to check.
 * @return string|false The address when FILTER_VALIDATE_EMAIL accepts it, otherwise false.
 */
function fnValidateEmail($email){
    $checked = filter_var($email, FILTER_VALIDATE_EMAIL);

    return $checked;
}
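/**
 * Sanitize Email
 *
 * Strips line breaks and tabs, both literal and URL-encoded (%0A, %0D, %08,
 * %09), from a value that is meant to be an email address.
 *
 * Removal is repeated until a pass strips nothing. A single pass can leave a
 * new encoded sequence behind when the characters on either side of a removed
 * sequence join up (for example "%0" + "%0A" + "A").
 *
 * This only removes those characters; it does not check that the result is a
 * valid address.
 *
 * @param string $string Raw value.
 * @return string|null Cleaned value, or null if the pattern fails to run.
 */
function fnSanitizeEmaill($string){
    $pattern = '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i';

    do {
        $string = preg_replace($pattern, '', $string, -1, $removed);
    } while ($removed > 0 && $string !== null);

    return $string;
}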
/**
 * Sanitize Email (PHP 5.2 and above)
 *
 * Drops every character FILTER_SANITIZE_EMAIL does not allow in an address.
 * The result is not validated; run a validation filter on it afterwards.
 *
 * @param string $url Raw address (the parameter keeps the name used in the source).
 * @return string|false Sanitized value, or false if the filter fails.
 */
function fnSanitizeEmaill($url){
    $cleaned = filter_var($url, FILTER_SANITIZE_EMAIL);

    return $cleaned;
}
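/**
 * Validate Email Exist
 *
 * Whether a mailbox exists cannot be verified from here. This checks the
 * format of the address and then whether its domain publishes an MX record.
 *
 * The removed eregi() and split() calls are replaced by preg_match() and
 * explode(), and the error flag that was written without its "$" is replaced
 * by early returns. The format pattern is anchored at the end so nothing can
 * trail the domain that is handed to the DNS lookup.
 *
 * checkdnsrr() performs a DNS query for a domain chosen by the submitter, so
 * the call can block while that lookup completes.
 *
 * @param string $email Address to check.
 * @return bool True when the format is accepted and the domain has an MX record.
 */
function check_email($email){
    // Normalised copy used only for the checks below; it is never returned.
    $candidate = htmlspecialchars(stripslashes(strip_tags(trim($email))));
    if ($candidate == '') {
        return false;
    }

    $format = '/^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z0-9._-])+\z/i';
    if (!preg_match($format, $candidate)) {
        return false;
    }

    list(, $domain) = explode('@', $candidate, 2);

    return (bool) checkdnsrr($domain, 'MX');
}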
/**
 * Validate Number Only
 *
 * Reports whether a value is a number or a numeric string.
 *
 * is_numeric() is broad: it also accepts forms such as "1e5" and " 5".
 * is_int() and is_float() test the PHP type of the value, not the content of
 * a string, so they do not suit raw form input.
 *
 * @param mixed $value Value to check.
 * @return bool
 */
function fnValidateNumber($value){
    $looksNumeric = is_numeric($value);

    return $looksNumeric;
}
/**
 * Validate Number Only (PHP 5.2 and above)
 *
 * Validates an integer with the filter extension. Swap in
 * FILTER_VALIDATE_FLOAT to accept floats instead.
 *
 * The return value is the converted integer, so a valid "0" comes back as 0.
 * Compare the result with false using !== rather than testing it as a boolean.
 *
 * @param mixed $value Value to check.
 * @return int|false The integer on success, false otherwise.
 */
function fnValidateNumber($value){
    $asInt = filter_var($value, FILTER_VALIDATE_INT);

    return $asInt;
}
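/**
 * Sanitize Number
 *
 * Forces a value to digits only by removing every other character.
 *
 * The source called preg_match() with a replacement argument, which matched
 * against an empty string and returned 0; preg_replace() is the call that
 * strips the characters.
 *
 * @param string $str Raw value.
 * @return string|null Digits only, or null if the pattern fails to run.
 */
function fnSanitizeNumber($str){
    // Keep 0-9, drop everything else (signs and decimal points included).
    return preg_replace('/[^0-9]/', '', $str);
}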
/**
 * Sanitize Number (PHP 5.2 and above)
 *
 * Keeps digits and the plus and minus signs; everything else is removed.
 * Use FILTER_SANITIZE_NUMBER_FLOAT instead for float input.
 *
 * The result can still be a non-number such as "1-2+3", so validate it
 * after sanitizing.
 *
 * @param string $value Raw value.
 * @return string|false Sanitized value, or false if the filter fails.
 */
function fnSanitizeNumber($value){
    $digits = filter_var($value, FILTER_SANITIZE_NUMBER_INT);

    return $digits;
}
/**
 * Validate String Only
 *
 * Accepts a value made up solely of ASCII letters and whitespace, for
 * example a name. The \s class also admits tabs and line breaks, not only
 * the space character.
 *
 * @param string $str Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateStringr($str){
    $lettersAndSpace = '/^[A-Za-z\s ]+$/';
    $matched = preg_match($lettersAndSpace, $str);

    return $matched;
}
/**
 * Sanitize String
 *
 * Removes every character that is not an ASCII letter or whitespace, as an
 * alternative to rejecting the input.
 *
 * @param string $str Raw value.
 * @return string|null Cleaned value, or null if the pattern fails to run.
 */
function fnSanitizeStringr($str){
    $notLetterOrSpace = '/[^A-Za-z\s ]/';
    $cleaned = preg_replace($notLetterOrSpace, '', $str);

    return $cleaned;
}
/**
 * Sanitize String (PHP 5.2 and above)
 *
 * Strips tags with the filter extension, e.g. '<br>HELLO</br>' => 'HELLO'.
 *
 * FILTER_SANITIZE_STRIPPED is deprecated as of PHP 8.1. Tag stripping is also
 * not output escaping: escape for the context the value is written into
 * (htmlspecialchars() for HTML) at the point of output.
 *
 * @param string $str Raw value.
 * @return string|false Value with tags removed, or false if the filter fails.
 */
function fnSanitizeStringr($str){
    $stripped = filter_var($str, FILTER_SANITIZE_STRIPPED);

    return $stripped;
}
/**
 * Validate Alphanumeric Characters
 *
 * True when every character of the string is a letter or a digit. An empty
 * string is not alphanumeric. Pass a string: ctype functions treat integer
 * arguments differently.
 *
 * @param string $string Value to check.
 * @return bool
 */
function fnValidateAlphanumeric($string){
    $onlyLettersAndDigits = ctype_alnum($string);

    return $onlyLettersAndDigits;
}
/**
 * Sanitize Alphanumeric Characters
 *
 * Removes everything except ASCII letters and digits. Spaces are removed as
 * well, so "HELLO! Do we have 90" becomes "HELLODowehave90".
 *
 * @param string $string Raw value.
 * @return string|null Cleaned value, or null if the pattern fails to run.
 */
function fnSanitizeAlphanumeric($string){
    $notAlphanumeric = '/[^a-zA-Z0-9]/';
    $cleaned = preg_replace($notAlphanumeric, '', $string);

    return $cleaned;
}
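/**
 * Validate URL Exist
 *
 * Checks that a URL's host resolves and that a HEAD request to it is answered
 * with status 200, 301 or 302.
 *
 * Fixes over the source listing:
 *  - the request URL and query string were built in single-quoted strings, so
 *    the variables were never interpolated;
 *  - the status check used a character class, "[(200|301|302)]+", which
 *    matches any run of those characters rather than the three codes;
 *  - the default port was 80 even for https;
 *  - the fallback branch for PHP versions below 5 is removed.
 *
 * Only http and https are accepted, and redirects are not followed: a 301 or
 * 302 answer already counts as "exists".
 *
 * This makes the server send a request to whatever host the URL names. When
 * the URL comes from a form, restrict it to the hosts you expect so the check
 * cannot be pointed at internal services.
 *
 * @param string $url URL to probe.
 * @return bool
 */
function url_exist($url){
    $parts = @parse_url($url);
    if (!$parts)
    {
        return false;
    }
    $parts = array_map('trim', $parts);

    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    if ($scheme !== 'http' && $scheme !== 'https')
    {
        return false;
    }

    // gethostbyname() returns its argument unchanged when resolution fails.
    if (!isset($parts['host']) || $parts['host'] == @gethostbyname($parts['host']))
    {
        return false;
    }

    $port = isset($parts['port']) ? (int)$parts['port'] : ($scheme === 'https' ? 443 : 80);
    $path = (isset($parts['path']) && $parts['path'] != '') ? $parts['path'] : '/';
    if (isset($parts['query']))
    {
        $path .= '?' . $parts['query'];
    }

    $context = stream_context_create(array('http' => array(
        'method' => 'HEAD',
        'follow_location' => 0,
    )));
    $headers = @get_headers($scheme . '://' . $parts['host'] . ':' . $port . $path, 0, $context);
    if (!is_array($headers) || !isset($headers[0]))
    {
        return false;
    }

    // The first entry is the status line, e.g. "HTTP/1.1 200 OK".
    return (bool)preg_match('#^HTTP/\S+\s+(?:200|301|302)(?:\s|$)#i', $headers[0]);
}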
/**
 * Validate URL Format
 *
 * Accepts http://, https:// or ftp:// followed by dot-separated word labels.
 * The pattern is narrow: a URL with a path, port, query string or a hyphen in
 * the host does not match.
 *
 * @param string $url Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateUrl($url){
    $format = '/^(http(s?):\/\/|ftp:\/\/{1})((\w+\.){1,})\w{2,}$/i';
    $matched = preg_match($format, $url);

    return $matched;
}
/**
 * Validate URL Format (PHP 5.2 and above)
 *
 * Checks URL syntax with the filter extension. The filter does not restrict
 * the scheme, so when the value will be used as a link or fetched, also check
 * that the scheme is one you expect (for example http or https).
 *
 * @param string $url Value to check.
 * @return string|false The URL when it passes FILTER_VALIDATE_URL, otherwise false.
 */
function fnValidateUrl($url){
    $checked = filter_var($url, FILTER_VALIDATE_URL);

    return $checked;
}
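/**
 * Sanitize URL
 * PHP 5.2 and above.
 *
 * Removes the characters FILTER_SANITIZE_URL does not allow in a URL. The
 * result is not validated; run fnValidateUrl-style validation afterwards.
 *
 * In the source listing this docblock was never closed, which left the
 * function itself inside the comment.
 *
 * @param string $url Raw value.
 * @return string|false Sanitized value, or false if the filter fails.
 */
function fnSanitizeUrl($url){
    return filter_var($url, FILTER_SANITIZE_URL);
}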
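/**
 * Validate Image Exist
 *
 * Checks that a link can be fetched by reading its first byte. It does not
 * check that the content is an image.
 *
 * Only http and https links are fetched. file_get_contents() also opens local
 * paths and other stream wrappers, so an unrestricted value from a form could
 * be used to test for files on the server. As with any server-side fetch of a
 * submitted URL, limit the hosts to those you expect.
 *
 * The read result is compared with false and '' explicitly: a first byte of
 * "0" is falsy and was reported as "does not exist" by the source listing.
 *
 * @param string $url Link to probe.
 * @return int 1 when a byte could be read, 0 otherwise.
 */
function image_exist($url) {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return 0;
    }

    $firstByte = @file_get_contents($url, false, NULL, 0, 1);

    return ($firstByte !== false && $firstByte !== '') ? 1 : 0;
}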
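/**
 * Validate IP Address
 *
 * Validates a dotted-quad IPv4 address with each octet in 0-255.
 *
 * Fixes over the source listing: the separator is an escaped dot (an
 * unescaped "." matched any character, so "1x2x3x4" passed), the pattern is
 * anchored with \A and \z so a trailing newline is rejected, and the missing
 * statement terminator is added.
 *
 * @param string $IP Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateIP($IP){
    $octet = '([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';

    return preg_match('/\A(' . $octet . '\.){3}' . $octet . '\z/', $IP);
}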
/**
 * Validate IP Address (PHP 5 and above)
 *
 * Validates an IPv4 or IPv6 address with the filter extension. Pass
 * FILTER_FLAG_IPV4 or FILTER_FLAG_IPV6 as the options argument of
 * filter_var() to accept only one family.
 *
 * @param string $ip Value to check.
 * @return string|false The address when valid, otherwise false.
 */
function fnValidateIP($ip){
    $checked = filter_var($ip, FILTER_VALIDATE_IP);

    return $checked;
}
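/**
 * Validate Proxy
 *
 * Heuristic proxy check: ends the request with "Proxy detected" when a
 * forwarding header is present, when the peer's port is on a fixed list, or
 * when a connection back to the peer on port 80 succeeds.
 *
 * Treat the result as a hint, not as a control:
 *  - the forwarding headers come from the client, so they can be left out or
 *    made up, and they are set for every visitor when the application itself
 *    sits behind a reverse proxy or load balancer;
 *  - REMOTE_PORT is the source port of the connection, which says little
 *    about what runs on the peer;
 *  - the connect-back makes the server open a connection to each visitor and
 *    can hold the request for up to 30 seconds.
 *
 * Missing $_SERVER keys are now checked before use, and the probe socket is
 * closed instead of being left open.
 *
 * @return void Does not return when a proxy is suspected (calls exit()).
 */
function fnValidateProxy(){
    $detected = false;

    foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_VIA') as $header) {
        if (!empty($_SERVER[$header])) {
            $detected = true;
            break;
        }
    }

    if (!$detected && isset($_SERVER['REMOTE_PORT'])) {
        $detected = in_array((int)$_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554), true);
    }

    if (!$detected && !empty($_SERVER['REMOTE_ADDR'])) {
        $probe = @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30);
        if ($probe) {
            fclose($probe);
            $detected = true;
        }
    }

    if ($detected) {
        exit('Proxy detected');
    }
}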
/**
 * Validate Username
 *
 * Cheap format check to run before looking the username up in the database:
 * letters, digits, "@", "_" and "." only, 6 to 50 characters (an email
 * address may be longer than that).
 *
 * This is a format check only. The lookup that follows still needs a
 * parameterized query.
 *
 * @param string $username Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateUsername($username){
    $format = '/^[a-zA-Z\d_@.]{6,50}$/i';
    $matched = preg_match($format, $username);

    return $matched;
}
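/**
 * Validate Strong Password
 *
 * Requires at least 8 characters with at least one uppercase letter, one
 * lowercase letter and one digit.
 *
 * The source pattern tested for "[A-Za-z0-9]" where the digit was meant, so a
 * password with no digit at all was accepted. The lookahead now requires
 * [0-9].
 *
 * Composition rules are only a rough measure of strength; length matters
 * more. Store passwords with password_hash(), never in plain form.
 *
 * @param string $password Candidate password.
 * @return int|false 1 when the rules are met, 0 otherwise, false if the pattern fails to run.
 */
function fnValidatePassword($password){
    return preg_match('/^(?=.{8,}$)(?=.*[0-9])(?=.*[A-Z])(?=.*[a-z]).*$/', $password);
}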
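/**
 * Validate US Phone Number
 *
 * Accepts a 3-3-4 digit US number with an optional parenthesised area code
 * and "-", "." or whitespace separators.
 *
 * The source pattern was not anchored, so any text that merely contained a
 * phone number passed. It is now anchored with \A and \z and must match the
 * whole value.
 *
 * @param string $phoneNo Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateUSPhone($phoneNo){
    return preg_match('/\A\(?\d{3}\)?[-\s.]?\d{3}[-\s.]\d{4}\z/x', $phoneNo);
}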
/**
 * Validate US Postal Code
 *
 * Accepts a five-digit ZIP code, optionally followed by "-" and four more
 * digits, e.g. 92345-3214.
 *
 * @param string $postalcode Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateUSPostal($postalcode){
    $format = '/^([0-9]{5})(-[0-9]{4})?$/i';
    $matched = preg_match($format, $postalcode);

    return $matched;
}
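/**
 * Validate US Social Security Numbers
 *
 * Checks the 3-2-4 digit layout with dashes, e.g. 531-63-5334. Format only:
 * it does not tell whether the number was ever issued.
 *
 * The source body read $ssn while the parameter is named $ssb, so it always
 * tested an undefined variable. The body now uses the parameter.
 *
 * @param string $ssb Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateUSSocialSecurityCode($ssb){
    return preg_match('/^[\d]{3}-[\d]{2}-[\d]{4}$/', $ssb);
}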
/**
 * Validate Credit Card
 *
 * Checks that a digit string has one of the prefix and length combinations
 * listed in the pattern. Spaces and dashes are not accepted, and no checksum
 * is computed, so a match only means the layout is plausible.
 *
 * @param string $cc Card number, digits only.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateCreditCard($cc){
    $format = '/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})$/';
    $matched = preg_match($format, $cc);

    return $matched;
}
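/**
 * Validate Date
 *
 * Month-day-year check (MM-DD-YYYY or MM-DD-YY), years 0000-9999, with "-",
 * "/", "." or a space as separator:
 *   05/12/2109, 05-12-0009, 05.12.9909, 05.12.99
 *
 * Fixes over the source listing: the pattern used "/" as its delimiter while
 * also containing an unescaped "/", so it could not compile; "#" is used
 * instead. The trailing "*" on the group is dropped because it let an empty
 * string and several dates run together pass.
 *
 * Only the layout is checked: 02/31/2009 matches. Use checkdate() when the
 * date has to exist on the calendar.
 *
 * @param string $date Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateDate($date){
    return preg_match('#^(0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])[- /.][0-9]?[0-9]?[0-9]{2}$#', $date);
}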
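/**
 * Validate Date (year first)
 *
 * Year-month-day check (YYYY-MM-DD or YY-MM-DD), years 0000-9999, with "-",
 * "/", "." or a space as separator:
 *   2009/12/11, 2009-12-11, 2009.12.11, 09.12.11
 *
 * The trailing "*" on the group is dropped: it let an empty string and
 * several dates run together pass as a valid date.
 *
 * Only the layout is checked: 2009-02-31 matches. Use checkdate() when the
 * date has to exist on the calendar.
 *
 * @param string $date Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateDate($date){
    return preg_match('#^[0-9]?[0-9]?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])$#', $date);
}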
/**
 * Validate Hexadecimal Colors
 *
 * Accepts "#" followed by exactly three or six hexadecimal digits, in either
 * case, e.g. #CCC or #FFCC00. Useful when users may pick their own colors and
 * the value is written into a style.
 *
 * @param string $color Value to check.
 * @return int|false 1 on match, 0 on no match, false if the pattern fails to run.
 */
function fnValidateColor($color){
    $format = '/^#(?:(?:[a-f0-9]{3}){1,2})$/i';
    $matched = preg_match($format, $color);

    return $matched;
}
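/**
 * Make Query Safe
 *
 * Escapes HTML special characters (quotes included) and doubles backslashes,
 * recursing into arrays.
 *
 * This is HTML escaping. It is not a defence against SQL injection: that
 * comes from prepared statements with bound parameters (PDO with bindParam(),
 * as the file header recommends). Escape for HTML when the value is output,
 * and bind it as a parameter when it goes into a query.
 *
 * get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it
 * still exists.
 *
 * @param string|array $str Value or array of values.
 * @return string|array Escaped copy; the argument itself is not modified.
 */
function _clean($str){
    if (is_array($str)) {
        return array_map('_clean', $str);
    }

    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $raw = $magicQuotes ? stripslashes($str) : $str;

    return str_replace('\\', '\\\\', htmlspecialchars($raw, ENT_QUOTES));
}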
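// Usage: call near the beginning of the script.
// _clean() returns the cleaned copy and leaves its argument untouched, so the
// result has to be assigned back for the call to have any effect.
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST); // and so on..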
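/**
 * Make Data Safe
 *
 * Trims the value, removes tags, escapes the remaining HTML special
 * characters (quotes included) and doubles backslashes, recursing into
 * arrays.
 *
 * The source listing escaped first and stripped tags afterwards; by then the
 * angle brackets were already entities, so strip_tags() had nothing left to
 * remove. Tags are now stripped before escaping.
 *
 * This prepares text for an HTML context only. Other output contexts (URLs,
 * script blocks, attributes without quotes) need their own escaping, and SQL
 * injection is prevented by prepared statements with bound parameters.
 *
 * get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it
 * still exists.
 *
 * @param string|array $str Value or array of values.
 * @return string|array Cleaned copy; the argument itself is not modified.
 */
function _clean($str){
    if (is_array($str)) {
        return array_map('_clean', $str);
    }

    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $raw = $magicQuotes ? stripslashes($str) : $str;

    return str_replace('\\', '\\\\', htmlspecialchars(strip_tags(trim($raw)), ENT_QUOTES));
}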
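// Usage: call near the beginning of the script.
// _clean() returns the cleaned copy and leaves its argument untouched, so the
// result has to be assigned back for the call to have any effect.
$_POST = _clean($_POST);
$_GET = _clean($_GET);
$_REQUEST = _clean($_REQUEST); // and so on..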
- /**
- * Summary
- * A paranoid way to perform a form validation would be to validate first then sanitize
- * your values for precautions.
- */