Copyright © 2002 -
MCS Investments, Inc.

Regular Expression General Input Validator

Regular expressions can do a lot to make user input from forms more secure. With JavaScript, it's not hard to make decent routines that will filter input. What's infinitely harder is to find a way to force users to keep JavaScript turned on so these routines will be used and the data filtered! Rots 'o ruck making users do anything! About 5% avoid enabling JavaScript in order to avoid JavaScript malware routines that spring upon them like ravening beasts when they hit the landing page of some creep's predatory website. Happily, PHP runs on the host's server and cannot be so lightly dismissed by users. Regular expression validation of user input can be forced upon user data at this point, for everyone's benefit (except predatory hackers). Good PHP input filtering brings would-be hackers to tears. Kind of touching, isn't it?

Anyway, we created a special page where you can learn more about security levels from JavaScript and PHP input filtering, and why it IS still a good idea to use JavaScript input filtering with validators.

In the code below, you'll see how one can deal with validation in several ways. If you'd like to try out our regular-expression-general-input-validator, use the link below:
regular-expression-general-input-validator.htm

The first filtering method is the trusty JavaScript alert, in which you inform the user that you're serious about him or her typing only acceptable characters, and you remind him or her what characters are okay. The function check() makes sure they have entered 1 to 50 characters; that's the {1,50} part of the regular expression. We allow hyphens, but 2 in a row is dangerous (-- begins a comment in SQL), so we run the p=p.replace(/--/g," -") routine twice, since one pass occasionally leaves 2 in a row. Allowing hyphens is good since there are tons of legitimate uses for them. In the regular expression character class [A-Za-z0-9! @\,\.\?_-], we allow uppercase and lowercase letters, numbers, exclamation marks, spaces, @ signs, commas, periods, question marks, underscores, and hyphens.

The test if (document.form.generalinput.value.search(ck_general)==-1) looks at the contents of the filled-out form input field. search() returns -1 when the string does not match the regular expression variable ck_general, and when the if statement finds that -1, the chastising alert will spring up and shame them without mercy. (Okay, not so much.)

By the way, for testing here we used {alert("Your general input validated OK."); d.generalinput.value='';d.generalinput.focus();return false}} for good input, but for real use, change all that to {return true}}. There's no point in an OK message. The return true will cause the form to submit. So make sure the action=" " in the form tag gets a better action script than " ".

The second filtering method is the trusty fix-it-by-editing-it method, and it uses function check_edit(), in which you delete all unacceptable characters by replacing them with an empty string "". Note that in p=p.replace(/[^A-Za-z0-9! @\,\.\?_-]/g,""), the regular expression character class has a ^ at the beginning of the expression. This means negation. So all characters that are NOT in this character class will get replaced by the "". Also note that we edit all instances of 2 hyphens in a row until there's only one, for safety. Finally, check out what happens if they just hit submit with no content. The length will be 0, so we change the content to " " instead: a space. However invisible, it's at least legitimate. Perhaps the user wishes to fill in better data at a later time. Of course, if you want to give an alert or type in N.A. or change the content to something else, that's fine. We let the user see the content after editing, by use of a confirm box, and s/he gets to veto it or give a hearty thumbs up. Notice that {alert("Accepted"); d.generalinput.value='';d.generalinput.focus();} should be replaced with {return true} when you actually use the code somewhere.
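An added example, not code from the original page: the check() and check_edit() logic as DOM-free functions, showing that the edit-style filter has to strip disallowed characters before it breaks up double hyphens, because a removed character can bring two hyphens together. The function names and sample inputs are assumptions made for this illustration.

```javascript
// Added example; function names and inputs are constructed for illustration.
const ALLOWED = /^[A-Za-z0-9! @\,\.\?_-]{1,50}$/;   // same pattern as ck_general
const NOT_ALLOWED = /[^A-Za-z0-9! @\,\.\?_-]/g;     // negated class from check_edit()
const MAX_LEN = 50;                                 // matches {1,50} and maxLength

// Replace each "--" with " -"; two passes, as on the page, because
// one pass over "---" still leaves " --".
function collapseHyphens(s) {
  return s.replace(/--/g, " -").replace(/--/g, " -");
}

// Reject-style check: true only if the hyphen-collapsed input matches.
function validateGeneral(input) {
  return ALLOWED.test(collapseHyphens(input));
}

// Edit-style filter with the hyphen step BEFORE the strip step.
// A disallowed character sitting between two hyphens defeats it.
function collapseThenStrip(input) {
  const p = collapseHyphens(input).replace(NOT_ALLOWED, "");
  return p.length < 1 ? " " : p;
}

// Edit-style filter with the strip step first, then the length cap,
// then the hyphen step, so the result always passes validateGeneral().
function stripThenCollapse(input) {
  const stripped = input.replace(NOT_ALLOWED, "").slice(0, MAX_LEN);
  const p = collapseHyphens(stripped);
  return p.length < 1 ? " " : p;
}

// Constructed sample inputs.
for (const sample of ["a-;-b", "---", ";;;", "Hello, world! Is this ok?"]) {
  console.log(JSON.stringify(sample),
    "collapse-then-strip:", JSON.stringify(collapseThenStrip(sample)),
    "strip-then-collapse:", JSON.stringify(stripThenCollapse(sample)));
}
```

Because these functions do not touch the DOM, the same checks can be repeated wherever the submitted value is received.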

The third filtering method is the trusty escape-all-special-characters method, and it uses function check_escape(), in which you use JavaScript's old reliable escape() and unescape() functions to encode a string, which makes a string portable, so it can be transmitted across any network to any computer that supports ASCII characters. The encoding turns the special characters (except * @ - _ + . /) into ASCII tokens of the form %XX. And the unescape() function reverts any ASCII tokens back to regular characters. Since escape() leaves / @ + - alone, the code replaces / ? = & @ + - separately after calling it; escape() has already encoded ? = & by then, so those three replaces are only a safeguard. And if the user happened to paste in characters above ASCII 127, these are escaped as well, though they're not on keyboards, which explains why we said "paste in," not type in. By the way, change the return false;} at the end of the function to return true;} for real use.
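An added example, not code from the original page: it measures which printable ASCII punctuation escape() leaves unencoded, what the extra replaces in check_escape() add, and how a character above ASCII 127 comes out. The names pageEscape, untouchedBy, standardDecoderAccepts and the sample string are assumptions made for this illustration; encodeURIComponent appears only for comparison.

```javascript
// Added example; SAMPLE is a constructed input.
const SAMPLE = "a/b?c=d&e@f+g-h €";

// The encoding step of check_escape(): escape() plus the page's extra replaces.
function pageEscape(s) {
  return escape(s)
    .replace(/\//g, "%2F").replace(/\?/g, "%3F").replace(/=/g, "%3D")
    .replace(/&/g, "%26").replace(/@/g, "%40").replace(/\+/g, "%2B")
    .replace(/-/g, "%2D");
}

// Printable ASCII punctuation (and space) that an encoder returns unchanged.
function untouchedBy(encode) {
  let kept = "";
  for (let code = 0x20; code < 0x7f; code++) {
    const ch = String.fromCharCode(code);
    if (!/[A-Za-z0-9]/.test(ch) && encode(ch) === ch) kept += ch;
  }
  return kept;
}

// True if a standard percent-decoder accepts the string.
function standardDecoderAccepts(encoded) {
  try { decodeURIComponent(encoded); return true; }
  catch (e) { return false; }
}

function report() {
  const encoded = pageEscape(SAMPLE);
  return {
    escapeKeeps: untouchedBy(escape),            // what escape() alone leaves as-is
    pageKeeps: untouchedBy(pageEscape),          // what survives the extra replaces
    uriComponentKeeps: untouchedBy(encodeURIComponent),
    encoded: encoded,
    roundTrips: unescape(encoded) === SAMPLE,    // unescape() reverses all of it
    // escape() writes code points above 255 as %uXXXX, which only unescape() reads
    decodableElsewhere: standardDecoderAccepts(encoded),
    utf8Form: encodeURIComponent("€"),
  };
}

console.log(report());
```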

No JavaScript filtering method can be counted on to get the job done, because 5% have JavaScript disabled for safety and a few others have it disabled for hacking, since our validation routines cannot run if JavaScript is not enabled. Don't forget to check out security levels from JavaScript and PHP input filtering for ideas and info about all this stuff.

You might wish to scope out our final form. There are 2 input boxes that get filled by the function check_escape(), not by the user. So, d.generalinputescaped.value=p; and p=unescape(p); and d.generalinputunescaped.value=p; are meant to show the before and after. The first is the escaped string and the second is after it gets turned from ASCII tokens to regular characters. The actual input box names are, respectively, generalinputescaped and generalinputunescaped.


<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Regular Expression General Input Validator</TITLE>
<meta name="description" content="Good, Tested, Regular Expression General Input Validators">
<meta name="keywords" content="Regular Expression General Input Validator,javascript Regular Expression General Input Validator,javascript, dhtml, DHTML">

<script language=javascript>

function check(){
// Reject anything that is not 1 to 50 of the allowed characters.
// For real use, change the "validated OK" block to {return true}}.
var ck_general = /^[A-Za-z0-9! @\,\.\?_-]{1,50}$/;
var d=document.form;
var p=d.generalinput.value;
// Break up double hyphens; two passes, since one pass can leave a pair.
p=p.replace(/--/g," -");
p=p.replace(/--/g," -");
d.generalinput.value=p;
if (document.form.generalinput.value.search(ck_general)==-1)
{alert("Please only type letters, numbers, and ! @ , - . ? _ or space in your general input.");
d.generalinput.value='';d.generalinput.focus();return false}else
{alert("Your general input validated OK.");
d.generalinput.value='';d.generalinput.focus();return false}}

function check_edit(){
// Edit the input into an acceptable form, then ask the user to confirm it.
var d=document.form2;
var p=d.generalinput.value;
//% + - & ; ` ' \ " | * ? ~ < > ^ ( ) [ ] { } $ THESE ARE INSECURE!
// Strip disallowed characters first, so that removing one
// cannot leave two hyphens side by side afterward.
p=p.replace(/[^A-Za-z0-9! @\,\.\?_-]/g,"");
p=p.replace(/--/g," -");
p=p.replace(/--/g," -");
// Nothing left (or nothing typed): use a single space instead.
if (p.length<1) {p=" ";}
d.generalinput.value=p;
var r=confirm
("Press OK to accept "+p+" as general input or Cancel to reject it.");
if (r==true)
{alert("Accepted"); d.generalinput.value='';d.generalinput.focus();}else
{alert("It's rejected—try again.");
d.generalinput.value='';d.generalinput.focus();}
return false;}

function check_escape(){
// Show the input escaped, then unescaped again.
var d=document.form3;
var p=d.generalinput.value;
if (p.length<1) {p=" ";}
//characters above ASCII 127 are escaped
//as well, though they're not on keyboards
p=escape(p);
// escape() leaves / @ + - unchanged, so we escape them separately;
// ? = & are already encoded by escape(), so those replaces are a safeguard
p = p.replace(/\//g,"%2F");
p = p.replace(/\?/g,"%3F");
p = p.replace(/=/g,"%3D");
p = p.replace(/&/g,"%26");
p = p.replace(/@/g,"%40");
p = p.replace(/\+/g,"%2B");
p = p.replace(/-/g,"%2D");
d.generalinputescaped.value=p;
p=unescape(p);
d.generalinputunescaped.value=p;
// For real use, change this to return true;}
return false;}

</script>
</HEAD>
<body>
<BR><BR><BR><BR>

<form style='margin-left:240px' name='form' action=" " method="POST" onsubmit="return check()">
Use letters, numbers, and <b>! @ , - . ? _ or space</b> in your general input.<br>
<INPUT maxLength="50" type="text" name="generalinput" size="50">
<INPUT TYPE="SUBMIT" value="Submit General Input">
<INPUT TYPE="RESET" value="reset">
</form>

<BR><BR><BR><BR>
<form style='margin-left:240px' name='form2' action=" " method="POST" onsubmit="return check_edit()">
Use letters, numbers, and <b>! @ , - . ? _ or space</b> in your general input.<br>Your general input will be edited if you goof.<br>
<INPUT maxLength="50" type="text" name="generalinput" size="50">
<INPUT TYPE="SUBMIT" value="Submit General Input">
<INPUT TYPE="RESET" value="reset">
</form>

<BR><BR><BR><BR>
<form style='margin-left:240px' name='form3' action=" " method="POST" onsubmit="return check_escape()">
Type whatever. Your general input will be escaped for safety.<br>
<INPUT maxLength="50" type="text" name="generalinput" size="50"> Type up to 50 characters<br>
<INPUT TYPE="SUBMIT" value="Submit Input to be Escaped"> <INPUT TYPE="RESET" value="reset"><br>
Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped Escaped <br>
<INPUT style='margin-left:-239px' type="text" name="generalinputescaped" size="158">
<INPUT type="text" name="generalinputunescaped" size="50"> Unescaped<br>
</form>

</BODY>
</HTML>