Take the following example, in which the user submits an email address. Assume the input has already been validated by a preg_match() call that checks the format of $_POST['email'] ($_POST is the associative array of posted fields). Format validation alone does not establish that the address is approved; the code below checks that by looking it up in a whitelist.
<?php ob_start(); // buffer the page so header() below can still be sent after the form has been printed ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Example of Whitelist Validation</title>
</head>
<body>
<h2>Example of Whitelist Validation</h2>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<label for="txtemail">Email</label>
<input name="email" type="text" id="txtemail" maxlength="50" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>" />
<br />
<input type="submit" value="Submit" name="action" />
</form>
<?php
//...PREG_MATCH email validation
if (isset($_POST['email'])) {
    $input_email = strtolower($_POST['email']);
    // mysqli_* replaces the mysql_* extension, which was removed in PHP 7; the database is selected in the connect call
    $db = mysqli_connect("localhost", "dummy", "123456", "Attendees") or die("Unable to connect to database");
    $result_id = mysqli_query($db, "SELECT email FROM tblContacts WHERE entry = 1") or die("Cannot query the database");
    $approved_email_array = array();
    while ($row = mysqli_fetch_assoc($result_id)) {
        // push the email string, not the whole $row: in_array() never matches a string against an array
        array_push($approved_email_array, strtolower($row['email']));
    }
    if (!empty($input_email)) {
        // third argument true: strict comparison, no type juggling
        if (!in_array($input_email, $approved_email_array, true)) {
            echo ("The email you have provided was not on the list. Good bye.");
        } else {
            // escape even a whitelisted value before writing it into HTML
            echo ("<b>Welcome " . htmlspecialchars($input_email, ENT_QUOTES, 'UTF-8') . ", please wait...</b>");
            // the Refresh header has the form "Refresh: <seconds>; url=<target>"
            header('Refresh: 5; url=../welcome.php');
        }
    } else {
        echo ("Your email was not provided.");
    }
}
?>
</body>
</html>
Explanation: Say you have a list of email addresses stored in a MySQL database, and your web application only lets a visitor proceed to the next page if the address they supplied is on that list.
- Place the email provided by the user in a variable and convert it to lower-case. in_array() compares strings case-sensitively, so the input and the stored values must be in the same case; here both sides are lower-cased so that a differently capitalised entry in the database cannot cause a false rejection.
- Query the approved emails (the entry column of tblContacts is a Boolean flag that marks whether an email is approved) and append each $row['email'] to $approved_email_array with array_push(). Push the string, not the whole row: a string never compares equal to an array, so pushing rows would reject every user.
- Error Handling 1: if the user input is not empty, proceed with the contents of the if branch; otherwise go to the else branch.
- Error Handling 2: if the submitted email is not in the approved array, display an error message; otherwise redirect the user to the welcome page. in_array() is called with its third argument set to true so that the comparison is strict, and the value is passed through htmlspecialchars() before it is echoed back, since even whitelisted data should not be written into HTML unescaped.
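The same check done directly in the database, as an added example that is not the original post's code: the lookup uses a prepared statement instead of copying every approved address into a PHP array, and an in-memory SQLite table stands in for the MySQL tblContacts table so the script runs offline. Table and column names follow the post; the sample rows and the function names (normalizeEmail, isApprovedEmail, checkSubmission) are constructed for this example.

```php
<?php
// Added example (not the original post's code): whitelist lookup done in the
// database with a prepared statement. The SQLite in-memory table stands in for
// the MySQL tblContacts described in the post; rows below are constructed.
declare(strict_types=1);

function normalizeEmail(string $raw): ?string
{
    // Same normalization the post applies (lower-case) plus trimming, so that
    // "  Alice@Example.com " and "alice@example.com" compare equal. Reject
    // anything that is not shaped like an email address before touching the DB.
    $email = strtolower(trim($raw));
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

function isApprovedEmail(PDO $db, string $email): bool
{
    // The database answers the membership question directly; there is no need
    // to load every approved address and scan it with in_array(). The
    // placeholder keeps the user-supplied value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT 1 FROM tblContacts WHERE email = ? AND entry = 1 LIMIT 1');
    $stmt->execute([$email]);
    return $stmt->fetchColumn() !== false;
}

function buildSampleDb(): PDO
{
    // Constructed fixture: two approved contacts and one that is not approved.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tblContacts (email TEXT NOT NULL, entry INTEGER NOT NULL)');
    $ins = $db->prepare('INSERT INTO tblContacts (email, entry) VALUES (?, ?)');
    foreach ([['alice@example.com', 1], ['bob@example.com', 1], ['mallory@example.com', 0]] as $row) {
        $ins->execute($row);
    }
    return $db;
}

function checkSubmission(PDO $db, string $submitted): string
{
    $email = normalizeEmail($submitted);
    if ($email === null) {
        return 'rejected: not a valid email address';
    }
    if (!isApprovedEmail($db, $email)) {
        return 'rejected: not on the list';
    }
    // Escape before echoing back even though the value matched a stored one.
    return 'welcome ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
}

$db = buildSampleDb();
foreach ([
    'Alice@Example.com',              // approved; differs from the stored row only in case
    'mallory@example.com',            // present in the table but entry = 0
    "bob@example.com' OR '1'='1",     // injection attempt: fails validation, and the placeholder would treat it as a literal anyway
    '<script>alert(1)</script>',      // not an email address
    'carol@example.com',              // well-formed but unknown
] as $input) {
    printf("%-32s => %s\n", $input, checkSubmission($db, $input));
}
```

Run it with `php whitelist.php` (the pdo_sqlite extension is enabled in most PHP builds). With MySQL's default case-insensitive collation the equality test already ignores case; lower-casing the input still matters for the in-memory in_array() approach shown in the post and keeps the behaviour identical under a case-sensitive collation.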