#28: Making Sure a Response Is One of a Set of Given Values

As I told you earlier, you can never assume that the data passed on by a form is safe. Let's look at this simple form item:

<SELECT NAME="card_type">
<OPTION value="visa">Visa</OPTION>
<OPTION value="amex">American Express</OPTION>
<OPTION value="mastercard">MasterCard</OPTION>
</SELECT>

How do you ensure that the data you're looking at is really Visa, American Express, or MasterCard? Simple: You store the data in array keys and then look at the array to make sure that there's an exact match. Here's an example:

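<?php
// Allowed values are stored as array keys.
$credit_cards = array(
    "amex" => true,
    "visa" => true,
    "mastercard" => true,
);

$card_type = $_POST["card_type"];

// Accept the value only if it matches one of the keys exactly.
if ($credit_cards[$card_type]) {
    print "$card_type is a valid ...";
}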
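The same array-key lookup, as an added example that is not code from the book, extended to inputs the form itself never sends: a missing field, a value with different case, and a field submitted as an array (`card_type[]=visa`), which cannot be used as an array key. The helper name `allowed_choice` and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowed values stored as array keys, as in the text above.
const CREDIT_CARDS = [
    "amex" => true,
    "visa" => true,
    "mastercard" => true,
];

/**
 * Return the submitted value only if it is exactly one of the allowed keys,
 * otherwise null. Hypothetical helper, not part of the book's code.
 */
function allowed_choice(array $form, string $field, array $allowed): ?string
{
    // The field may be absent from the request entirely.
    $value = $form[$field] ?? null;

    // A client can send card_type[]=visa, which PHP parses into an array.
    // Reject anything that is not a plain string before using it as a key.
    if (!is_string($value)) {
        return null;
    }

    // isset() on the key is an exact, case-sensitive match and raises no
    // warning when the key does not exist.
    return isset($allowed[$value]) ? $value : null;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    "listed option"  => ["card_type" => "visa"],
    "unlisted value" => ["card_type" => "discover"],
    "case differs"   => ["card_type" => "Visa"],
    "field missing"  => [],
    "array injected" => ["card_type" => ["visa"]],
];

foreach ($samples as $label => $form) {
    $card = allowed_choice($form, "card_type", CREDIT_CARDS);
    printf("%-15s => %s\n", $label, $card === null ? "rejected" : "accepted ($card)");
}
```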
