Board: Project Development
Topic: Re: PHP Coding question in regards to validat user input before passing it into mysq
Post by TryNinja on 11/12/2019, 00:12:05 UTC
in this function the address variable is happy

and I don't understand your code

you are not validating the input

or at least I can't figure out how you validate it and where

you just posted this

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address)) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}


where does it get validated and how does this go into my database if it's valid
Dude...

Code:
if (checkAddress($address)) {
    // ... code for a valid address
} else {
    // ... code for an invalid address
}

checkAddress is the function from your pastebin code.
Code:
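function checkAddress($address)
{
    // Reject non-string input (a field sent as address[]=x arrives as an array).
    if (!is_string($address))
    {
        return false;
    }
 
    $alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
    $origbase58 = $address;
    $dec = "0";
 
    // Decode the Base58 string into a decimal number (kept as a string for bcmath).
    for ($i = 0; $i < strlen($address); $i++)
    {
        $pos = strpos($alphabet,substr($address,$i,1));
        if ($pos === false)
        {
            // Character outside the Base58 alphabet.
            return false;
        }
        $dec = bcadd(bcmul($dec,"58",0),(string)$pos,0);
    }
 
    $address = "";
 
    // Convert the decimal number to an uppercase hex string.
    while (bccomp($dec,"0") == 1)
    {
        $dv = bcdiv($dec,"16",0);
        $rem = (int)bcmod($dec,"16");
        $dec = $dv;
        $address = $address.substr("0123456789ABCDEF",$rem,1);
    }
 
    $address = strrev($address);
 
    // Each leading "1" in the Base58 string stands for one leading zero byte.
    for ($i = 0; $i < strlen($origbase58) && substr($origbase58,$i,1) == "1"; $i++)
    {
        $address = "00".$address;
    }
 
    if (strlen($address)%2 != 0)
    {
        $address = "0".$address;
    }
 
    // 25 bytes expected: 1 version byte + 20 hash bytes + 4 checksum bytes.
    if (strlen($address) != 50)
    {
        return false;
    }
 
    // Only version byte 0x00 is accepted.
    if (hexdec(substr($address,0,2)) > 0)
    {
        return false;
    }
 
    // Checksum = first 4 bytes of the double SHA-256 of the first 21 bytes.
    // Strict comparison, so hex strings that look numeric (e.g. "0E...") are not compared as numbers.
    return substr(strtoupper(hash("sha256",hash("sha256",pack("H*",substr($address,0,strlen($address)-8)),true))),0,8) === substr($address,strlen($address)-8);
}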

When you call this function passing the address (which comes from the $address = $_POST["address"] variable, which is passed through the input on the form), it checks if it's valid. If it's valid, the rest of the code runs. If it's not, the ELSE code runs. If you don't get this, you probably don't know PHP.

The code I posted above IS 100% WORKING. Everything is there. You just need to read the code and see what it is doing.


Edit:
I posted the complete check address function but I see nowhere how you pass the input through it

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address)) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}
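
The post calls addAddressToDb() without showing it, so here is one way the validate-then-store flow can be written end to end, as an added example that is not TryNinja's code. Assumptions: the body of addAddressToDb(), the addresses table, the handleSubmission() wrapper, the looksLikeAddress() stand-in (format check only, used in place of the post's checkAddress()) and the in-memory SQLite DSN are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the page's checkAddress(): charset/length only, no checksum.
function looksLikeAddress($value): bool
{
    return is_string($value)
        && preg_match('/\A1[1-9A-HJ-NP-Za-km-z]{25,33}\z/', $value) === 1;
}

// Hypothetical addAddressToDb(): the value is bound, never concatenated into the SQL.
function addAddressToDb(PDO $pdo, string $address): bool
{
    $stmt = $pdo->prepare('INSERT INTO addresses (address) VALUES (:address)');
    try {
        return $stmt->execute([':address' => $address]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity violation: already stored
            return false;
        }
        throw $e;
    }
}

// Returns null on success, otherwise the message to show the user.
function handleSubmission(PDO $pdo, array $post, callable $isValid): ?string
{
    if (!isset($post['address'])) {
        return 'Please input an address.';
    }
    if (!$isValid($post['address'])) {
        return 'Invalid address.';
    }
    return addAddressToDb($pdo, $post['address']) ? null : 'Address already stored.';
}

// In-memory SQLite keeps the demo offline; with MySQL the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE addresses (address VARCHAR(35) PRIMARY KEY)');

// Constructed inputs: well-formed string (twice), SQL-looking text, array, missing field.
$ok = '1' . str_repeat('A', 33);
$samples = [['address' => $ok], ['address' => $ok], ['address' => "' OR '1'='1"],
            ['address' => ['x']], []];
foreach ($samples as $post) {
    echo var_export(handleSubmission($pdo, $post, 'looksLikeAddress'), true), PHP_EOL;
}
```

Validation decides whether the value is an address at all; the bound parameter is what keeps whatever reaches the query from being parsed as SQL, so the two checks are kept separate.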