Thursday, 20 April 2017

php - Editing form to sanitize/validate phone number



I have very limited experience with PHP and I'm really hoping someone can help me.



What I want to do is sanitize/validate the phone number input so that only numbers are allowed.



I think I need to use FILTER_SANITIZE_NUMBER_INT but I'm not sure where or how to use it.




Here is my code:




// Replace the email address with the one that should receive the contact form inquiries.
define('TO_EMAIL', '########');

$aErrors = array();
$aResults = array();


/* Functions */

function stripslashes_if_required($sContent) {

    if(get_magic_quotes_gpc()) {
        return stripslashes($sContent);
    } else {
        return $sContent;
    }
}


function get_current_url_path() {

    $sPageUrl = "http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    $count = strlen(basename($sPageUrl));
    $sPagePath = substr($sPageUrl,0, -$count);
    return $sPagePath;
}

function output($aErrors = array(), $aResults = array()){ // Output JSON


    $bFormSent = empty($aErrors) ? true : false;
    $aCombinedData = array(
        'bFormSent' => $bFormSent,
        'aErrors' => $aErrors,
        'aResults' => $aResults
        );

    header('Content-type: application/json');
    echo json_encode($aCombinedData);

    exit;
}

// Check supported version of PHP
if (version_compare(PHP_VERSION, '5.2.0', '<')) { // PHP 5.2 is required for the safety filters used in this script

    $aErrors[] = 'Unsupported PHP version. 
Minimum requirement is 5.2.
Your version is '. PHP_VERSION .'.';
    output($aErrors);
}



if (!empty($_POST)) { // Form posted?

    // Get a safe-sanitized version of the posted data
    $sFromEmail = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $sFromName = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

    $sMessage  = "Name: ".stripslashes_if_required($_POST['name']);
    $sMessage .= "\r\nEmail: ".stripslashes_if_required($_POST['email']);
    $sMessage .= "\r\nBusiness: ".stripslashes_if_required($_POST['business']); 

    $sMessage .= "\r\nAddress: ".stripslashes_if_required($_POST['address']);
    $sMessage .= "\r\nPhone: ".stripslashes_if_required($_POST['phone']);
    $sMessage .= "\r\nMessage: ".stripslashes_if_required($_POST['message']);
    $sMessage .= "\r\n--\r\nEmail sent from ". get_current_url_path();

    $sHeaders  = "From: '$sFromName' <$sFromEmail>"."\r\n";
    $sHeaders .= "Reply-To: '$sFromName' <$sFromEmail>";

    if (filter_var($sFromEmail, FILTER_VALIDATE_EMAIL)) { // Valid email format?


        $bMailSent = mail(TO_EMAIL, "New inquiry from $sFromName", $sMessage, $sHeaders);
        if ($bMailSent) {
            $aResults[] = "Message sent, thank you!";
        } else {
            $aErrors[] = "Message not sent, please try again later.";
        }

    } else {
        $aErrors[] = 'Invalid email address.';
    }

} else { // Nothing posted
    $aErrors[] = 'Empty data submited.';
}


output($aErrors, $aResults);

Answer



Have you looked into PHP's preg_replace function? You can strip out any non-numeric character by using preg_replace('/[^0-9]/', '', $_POST['phone']).




Once you filter out the character data, you can always check to see if it is of a desired length:



$phone = preg_replace('/[^0-9]/', '', $_POST['phone']);
if(strlen($phone) === 10) {
    //Phone is 10 characters in length (###) ###-####
}


You can also use PHP's preg_match function as discussed in this other SO question.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

c++ - Does curly brackets matter for empty constructor?

Those brackets declare an empty, inline constructor. In that case, with them, the constructor does exist, it merely does nothing more than t...