This PHP function is ever-so-helpful. I use it for quickly, easily, and safely reading information from user input on web pages in either GET or POST submissions. It allows you to limit how much information they can feed back to you and also contains a regex filter capability so you can say “they can only submit information of such-and-such format.”
Example:
Get no more than 40 characters from the user supplied HTML field:
$userfield = request(“formfieldname”, 40, “/^\w+$/”);
Get any number of bytes (any type of data) from the user supplied HTML field:
$userfield = request(“formfieldname”);
<?php
// Copyright (C) 2005 James Bly
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
function request($item, $len = 0, $regex = '')
{
$data = '';
if(isset($_GET[$item])) $data = ($len)?substr($_GET[$item], 0, $len):$_GET[$item];
if(isset($_POST[$item])) $data = ($len)?substr($_POST[$item], 0, $len):$_POST[$item];
if(strlen($regex) && !preg_match($regex, $data)) return FALSE;
if($data) return $data;
return FALSE;
}
?>