Check for Strings

[mkebkr04]

Would anyone happen to know how to take two form inputs that will be inputted into the database and check them.  Basically they will be urls and I need to check to see if they start with http:// and if not I need to add http:// to it.

 

Say I have:

 

$bus_url and $int_url which are equal to  there own $_POST[.........] variables

 

I know I need and if statement to check for http:// and if its there I want to leave it alone else I want to add it I am just unsure where to put it in the code and what to put in general.

[Caesar]

<?php

function CheckURL($url) {

  if(preg_match('/http\:\/\/[aA-zZ0-9\.]+\.[aA-zZ0-9]+?[\?\=\_\-\/[aA-zZ0-9]+/', $url)) $link = $url;
    else  $link = 'http://'.$url;

  return $link;
}

?>

 

Though I caution that you should scrub/clean any user input and not assume that the url or link is valid to begin with. You'll want to check that as well.

[teng84]

simply use string function i think strrpos or strstr is enough and faster 

[Caesar]

simply use string function i think strrpos or strstr is enough and faster 

 

Assuming all his links are formatted the same. This is user input we're talking about. So many things can go wrong and so many things can be entered.

[Caesar]

By the way...in case that confused you, implementation would look something like this...

 

<?php

function CheckURL($url) {

  if(preg_match('/http\:\/\/[aA-zZ0-9\.]+\.[aA-zZ0-9]+?[\?\=\_\-\/[aA-zZ0-9]+/', $url)) $link = $url;
    else  $link = 'http://'.$url;

  return $link;
}

//// Assuming the POST variables have already been defined...

$linkone = CheckURL($_POST['linkone']); 
// If the link is 'google.com', 'http://google.com' will be returned.
$linktwo = CheckURL($_POST['linktwo']); 
// If the link is 'http://yahoo.com', the same value will be returned without changes.

?>

 

...But as stated...you want to make sure you check ALL user input to make sure no SQL injection or XSS is possible.

[teng84]

simply use string function i think strrpos or strstr is enough and faster 

 

Assuming all his links are formatted the same. This is user input we're talking about. So many things can go wrong and so many things can be entered.

what?

[teng84]

        $url ='www.phpfreaks.com/forums/index.php/board,1.0.html';
echo (substr($url,0,7) =='http://')?$url:'http://'.$url;

i guess thats enough 

 

[Caesar]

What happens if someone enters 'http:mydomain.com'? '...How about 'http:// whoops i have spaces and invalid characters here .com'?

 

One can't assume that a simple check based on string or character position will account for users who blindly type without thinking. Most people ont he internet don't :-P

[teng84]

What happens if someone enters 'http:mydomain.com'? '...How about 'http:// whoops i have spaces and invalid characters here .com'?

 

One can't assume that a simple check based on string or character position will account for users who blindly type without thinking. Most people ont he internet don't :-P

 

then if thats what you want to achieve ill use http://www.php.net/manual/en/function.filter-var.php rather that regex again much faster i guess

[Caesar]

Well...we're assuming now they're on PHP 5. Not a bad suggestion...but, would suggest accommodating a PHP 4 configuration as well.

[mkebkr04]

Thansk for th help I got it working