Dan Shirah wrote:
That is correct, the due_date field should only accept a valid date format,
such as MM/DD/YYYY. To bypass the need for a validation check for this
field I simply set the text field to disabled and supplied the user with a
javascript popup calendar that upon selection populates the date in the
format I want. :)
Client-side limits are not an effective defense against dangerous
inputs. Server-side validation is a must regardless of any client-side
checking that goes on.
-Stut
--
http://stut.net/
On 11/2/07, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
On 11/2/07, Dan Shirah <[EMAIL PROTECTED]> wrote:
Ah, okay. So I could probably simplfy it more by trimming it from the
start like this??
$due_date = trim($_POST['due_date']);
that works;
i personally prefer to initialize a variable then only set it if the user input
meets some
conditions; its called white-box validation.
$due_date = '';
if(isset($_POST['due_date'])) && !empty($POST['due_date'])) {
$due_date = trim($_POST['due_date']);
}
the more you know about what the contents of due_date are supposed to be, the
stronger you can make the check; for instance here, it sounds like it should be
a date
so you wouldnt allow, say 'somecrazySting', to pass the validation.
-nathan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
