Php input validation - exact input only

Hey

I am struggling in trying to find a solution for the above problem. I have a simple html form and have some php code set up to validate the user input. Below is an example of how i am validating one particular field:

function validateField1($field1){
		//if it's NOT valid
		if(strlen($field1) < 1)
			return false;
		if(!preg_match('/^[A-Za-z0-9 ]+$/', $field1))
		return false;
		//if it's valid
		else
                return true;
		

So for that field if the user fails to enter anything or if they include anything other than Lower/Uppercase letters, numbers and a space then the script returns false and brings up the error.

Now i am trying to set up some fields where by the user must match their input with an exact string that i will set for it to correctly validate otherwise it will flag an error.

So for example on ‘field 2’ - the user must enter the input of ‘red’ or ‘blue’ or ‘green’ or ‘pink’. Anything other than either 1 of these will not be passed.

Now i know instantly from that it would seem i should just use the ‘select name’ and ‘option’ values for my html to just have those 4 options in a drop down list to select but it needs to be a typed user input not selected from a list.

Am i able to add exact terms into the above validation example or do i need to use a different technique? I have a feeling that it might be best to use MySql with this in the form of a database but i unfortunately have no knowledge of this language at present…

Is anyone able to help me out on this one?

Many thanks

Jon

function validateField2($field2) {
  if ($field2 == 'red' || $field2 == 'blue' || $field2 == 'green' || $field2 == 'pink')
    return true
  else
    return false
}

alternatively

function validateField2($field2) {
  $accepted = array('red', 'blue', 'green', 'pink');
  return in_array($field2, $accepted);
}

Dan thank you! so simple, i was trying pretty much the same thing out but only used ‘=’ instead of ‘==’ which seemed to do the trick.

The second option of the array is even better too and ideal.

Thank you again!

= is the assignment operator, it assigns the value on the right hand side to the variable on the left hand side

If cast to a boolean, it is always true

== is the comparison operator, it compares the value on the left hand side to the value on the right hand side

Just because you added the html for them to pick from does not mean someone will change your values and send you some spoof data to give you problems.

Dan showed you how to create something often termed a “white-list”, the value only passes the test if it checks positive against something in the list.

As for the length of the variable being less that 1, you might want to carefully check [fphp]isset/fphp and [fphp]empty/fphp in the manual, and only evoke your function if the variable is set at all.

This checklist should help open your eyes to some of the issues involved.

If you’re not doing so already, you may want to trim() your input values in case someone submits "red ".

Thank you for the further replies, i have included the trim() function and Cups thanks for the checklist, i am still very new at learning all this so references like this are a big help.