php - Form validation - security -

-

so i'm working on register form , have 4 fields: name, username, email , password. pick values of these fields in jquery , depending on if fields filled, pass them onto php script via ajax. safe form validations? worried data getting manipulated user.

further on in php script, check if posted values have data in them, proceed onto doing validations... validations parts i'm worried it's not best , there many flaws it.

    $name = $_post['name'];     $username = $_post['username'];     $email = $_post['email'];     $password = $_post['password'];   if (!preg_match("/^[a-za-z '-]+$/i", $name)) {          $errors = "please enter valid name.";      } else if (!preg_match("/^[a-za-z]+\s[a-za-z]+$/", $name)) {          $errors = "please enter first , last name.";      } else if (strlen($username) <= 3 || strlen($username) > 15) {          $errors = "please pick username between 4 - 15 characters. creative.";      } else if (!preg_match("/^[a-za-z][a-za-z0-9_.-]{4,15}$/", $username)) {          $errors = "please pick alphanumeric username between 4 - 15 characters.";      } else if (filter_var($email, filter_validate_email) === false) {          $errors = "please enter valid email.";      } else if (strlen($username )< 6 || strlen($username) > 32) {          $errors = "your password must atleast 6 characters.";      } else {          echo "valid";      }

are these validation steps secure? there loop holes user can manipulate data? also, hoping full name input, user input first , last name. these enough?

thank you.

as asked review, pls read wrote here... 

} else if (strlen($username )< 6 || strlen($username) > 32) {     $errors = "your password must atleast 6 characters."

Comments

Post a Comment

Popular posts from this blog

java - activate/deactivate sonar maven plugin by profile? -

-
i use sonar plugin executes if activated in maven profile. sonar runs on every compile. the problem build fail other team members not have sonar application installed locally. pom.xml checked in team members same copy including sonar configuration, don't want them modify purpose of disabling sonar (they might inadvertently check modified copy in). please advise how configure maven (.m2/settings.xml) and/or pom.xml sonar feature can enabled/disabled local profile. here sonar configuration in each project's pom.xml: <plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>sonar-maven-plugin</artifactid> <version>1.0</version> <executions> <execution> <id>make-sonar</id> <phase>compile</phase> <goals> <goal>sonar</goal> </goals> </execution> </executions> ...
Read more

python - TypeError: can only concatenate tuple (not "float") to tuple -

-
i'm new python, question might easy, anyway, patience: as trying call newton-raphson method calculate implied volatility in black-scholes formula call/put option pricing, first thing is, newton method in scipy.optimize seems calculate function's zeros, in black-scholes formula, want function's value option price, not zero. (i'm new here programming, i'm not sure techniques.) should write function things like: def f(sigma, price): return bsformula(s0,k,r,t,q,sigma) - price then, while calling newton method, takes args=() 1 parameter in function, write this: value = newton(bsprice2, 0.5, args=price) but error message: file "bs.py", line 36, in bsimpvol value = newton(bsprice2, 0.5, args=float(price)) file "/usr/lib/python2.7/dist-packages/scipy/optimize/zeros.py", line 143, in newton q0 = func(*((p0,) + args)) typeerror: can concatenate tuple (not "float") tuple could tell me why that? how fix it? apprecia...
Read more

java - What is the difference between String. and String.this. ? -

-
this question has answer here: meaning of .this , .class in java 2 answers i'll straight point. im still learning bit of syntax , want know difference between code is code a: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.valueof(i))); } } please ignore fact i undeclared, not lost. code b: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.this.charat(i))); } } what don't yet understand difference in typing string.this , string. i under assumption when use dot operator on class accessing it's static methods(and/or variables if they're not hidden). i have studied little bit , have concluded when using string. accessing string static methods.. when using string.this. i'm accessing methods class buttonz extendi...
Read more