Lets say i have a select box like this below

HTML Code:

<select name="title">
<option value="One">One</option>
<option value="Two">Two</option>
</select>

and i need to add the information to a database when someone chooses an option i know that i have to make sure that what is in the select boxes is what is meant to be in their, but i am not positive how to do this since their are lots of different options.

Below is what i thought of doing.

PHP Code:


<?php

if(!preg_replace("/^[a-zA-Z]+$/",$title)){
    echo 'Error message will go here';
}else{
    $title = $title;
}

?>

Is the above code the right way to validate select boxes?

you dont have to validate against the text of an option in a select box as the values have been predetermined by yourself

Quote:

Originally Posted by Knight13

Lets say i have a select box like this below

HTML Code:

<select name="title">
<option value="One">One</option>
<option value="Two">Two</option>
</select>

and i need to add the information to a database when someone chooses an option i know that i have to make sure that what is in the select boxes is what is meant to be in their, but i am not positive how to do this since their are lots of different options.

Below is what i thought of doing.

PHP Code:


<?php

if(!preg_replace("/^[a-zA-Z]+$/",$title)){
    echo 'Error message will go here';
}else{
    $title = $title;
}

?>

Is the above code the right way to validate select boxes?

Hi,

The select box is being created in the page you will be creating so you can put the appropriate data there, or what you can do is put the appropriate data in a table and generate this select box from it so you will not have to worry if the value being passed is correct or not.

Hope this helps.

Cheers,

~Maneet

And WHAT is the point of the code in the above post??????


YOU CANNOT TYPE INTO A SELECT BOX!!!!!! only the predetermined options can be selected.

SO if YOU choose to add an option value that is incorrect for that use. I would suggest you deserve the problems it may cause!!!

Well, rule #1 is to never trust user input so it's good that you're trying to validate data. One of my favorite and easy methods of this type is comparing against an array of valid values.

PHP Code:

if (!in_array($_POST['title'], array('One', 'Two'))) echo 'Error message will go here'; 


chrishirst~
I know that a person cannot type into a select box but i read somewhere that people can forge select box information, i personally do not know if that is true or not but i wanted to make sure, that is why i asked the question.

mgraphic~
That seems like a good thing to do but i have on select box with the names of all the countries in it and i really do not want to type in every singles country by hand is their any other way to validate it, where i do not have to type in every country? and do i even need to do it? i'm confused now.

Quote:

Originally Posted by Knight13

I know that a person cannot type into a select box but i read somewhere that people can forge select box information, i personally do not know if that is true or not but i wanted to make sure, that is why i asked the question.

It is true. For instance, in Opera if I wanted to add an option to a select field all I would have to do is view the source, manually type in the option code, and then click update and then I can submit the form as if the option I manually added was completely valid.

Edit:
This feature turns out to be very useful for a developer to test changes to a site on the fly, but it has obvious malicious uses as well.

Quote:

Originally Posted by Knight13

That seems like a good thing to do but i have on select box with the names of all the countries in it and i really do not want to type in every singles country by hand is their any other way to validate it, where i do not have to type in every country? and do i even need to do it? i'm confused now.

Unfortunately the only way to validate the data in this case is to check if the user submitted value is equal to one of the valid values. This means you'll need to have an array or some kind of list of countries. Personally if I were doing this I would use the same array for generating the select field and validating it:

PHP Code:

<?php
$countryList = array( ... ); //your list of countries

function generateCountryList()
{
     global $countryList;
     ?>
     <select name="country">
     <?php foreach($countryList as $c) : ?>
          <option value="<?php echo $c; ?>"><?php echo $c; ?></option>
     <?php endforeach; ?>
     </select>
     <?php
}

function validateCountry($userInput)
{
     global $countryList;

     if(in_array($userInput, $countryList))
          return true;

     return false;
}
?>

Thanks Nullpointer, i understand what you mean.