Filtering POST List Menu results
I am filtering input to protect against attack and to confirm values are correct prior to database entry. At the moment this is the code, and it works.
// Filter the POST type
$sanitized = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
$_POST['type'] = trim($sanitized);
// Make sure it is an expected value
$typearray = array("0", "apt", "cor", "dup", "far", "rui", "tow", "vil", "bun", "car", "cav", "fin", "gol", "lan", "log", "pen", "vill", "bus", "com");
// If it is not an expected value, redirect to a custom error page that says the database is unavailable at this time, please try later
if (!in_array($_POST['type'], $typearray)) {
    header("Location: $redirect_unavailable");
    exit;
}
// If a menu item was not selected, redisplay the options with an error on the page
if ($_POST['type'] == '0') {
    $error['errtype'] = 'please select type';
}
However, I am unsure of when attacks occur: does a user (including a genuine user) need to be using the form for an attack to occur, or can injections happen just because the pages are out there?
What I am trying to get at is: if a genuine user is selecting from the list menu and has made a selection, and some other program is injecting stuff without their knowledge, then after stripping script and HTML tags, may the code still have other stuff within $_POST['type'] as well as the expected value? If so, I do not want to be sending a genuine user to the custom error page when they had done nothing wrong; therefore I am trying to work out how to filter list menus so that, when I know what the values should be, I remove everything except the real value. The other thing is that I am not sure this is necessary, as it may be that after removing script and HTML tags there is nothing else except the real value left. I hope you see what I mean.
If it is wise to filter out everything else except the expected value, how do I go about doing this?
I would appreciate any help.
Thank you in advance.
It is still me, trying to filter a list menu to remove everything except the expected values.
I have come up with an idea but am struggling to make it work; any help is appreciated.
I am trying to use something along the lines of:
$expectedregex = array ("0", "1", "2", "n/a", "cor", "vil");
The expected values are letters, words, or n/a, and I want to match them and filter out everything else; a regex check for letters and numbers is not what I am looking for. Writing the regex is causing me problems. (I insert the regex code below):
$sanitized = filter_input(INPUT_POST, '$var', FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^ $expectedregex /')));
Perhaps there is a better way to do this, or am I on the right lines and just need the regex code?
All help gratefully received.
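
An added example (not part of the original post) of allow-list validation for a list-menu value: the submitted string is either exactly one of the expected values or it is rejected, so nothing is left to strip. The function and constant names are hypothetical and the sample inputs are constructed; the second function builds the kind of anchored pattern that FILTER_VALIDATE_REGEXP expects from an array of expected values.

```php
<?php
// Added example; ALLOWED_TYPES, PLACEHOLDER, validate_choice() and
// allowlist_regex() are hypothetical names, and the values are constructed.
const ALLOWED_TYPES = ['apt', 'cor', 'dup', 'vil', 'n/a'];
const PLACEHOLDER   = '0';   // the "please select" option

// Returns ['value' => string|null, 'status' => 'ok'|'empty'|'invalid'].
function validate_choice($raw, array $allowed, string $placeholder = PLACEHOLDER): array
{
    // A missing field or an array (type[]=x) cannot come from the menu.
    if (!is_string($raw)) {
        return ['value' => null, 'status' => 'invalid'];
    }
    $value = trim($raw);
    if ($value === '' || $value === $placeholder) {
        return ['value' => null, 'status' => 'empty'];   // redisplay the form
    }
    // Strict comparison: loose == treats numeric strings like '00' and '0' as equal.
    if (in_array($value, $allowed, true)) {
        return ['value' => $value, 'status' => 'ok'];
    }
    return ['value' => null, 'status' => 'invalid'];     // reject, never "clean up"
}

// The same allow-list as an anchored pattern for FILTER_VALIDATE_REGEXP.
function allowlist_regex(array $allowed): string
{
    $quoted = array_map(fn($v) => preg_quote($v, '/'), $allowed);
    return '/^(?:' . implode('|', $quoted) . ')$/D';   // D: no match before a trailing newline
}

// Constructed inputs; in a handler $raw would be $_POST['type'] ?? null.
$samples = ['cor', ' apt ', '0', 'n/a', '00', 'cor<script>', "cor' OR 1=1", ['cor'], null];
$options = ['options' => ['regexp' => allowlist_regex(ALLOWED_TYPES)]];
foreach ($samples as $raw) {
    $r = validate_choice($raw, ALLOWED_TYPES);
    $viaFilter = is_string($raw) ? filter_var(trim($raw), FILTER_VALIDATE_REGEXP, $options) : false;
    printf("%-16s status=%-8s regex=%s\n", json_encode($raw), $r['status'],
        $viaFilter === false ? 'no match' : 'match');
}
```

Only the 'ok' status yields a value, and that value is always one of the listed literals; the placeholder is reported as 'empty' so the form can be redisplayed rather than treated as an error.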