Buti Othaniel Doubata Posted August 26, 2009 Share Posted August 26, 2009 can some one please help me on checking the posted comments from users if they have "url" links...please check the bolted code below : if (!$dbh) { die("Error in connection: " . pg_last_error()); } // escape strings in input data $name = pg_escape_string($_POST['name']); $comment = pg_escape_string($_POST['comment']); $Timestamp = mktime(0,0,0); $date = $Timestamp; if (!isset($_POST['comment'])){ preg_match('/[0-9a-z@,_.!:\'\s]+/im', $comment); } else{ echo "got yah"; } // execute query $sql = "INSERT INTO comments.demo_comment (name ,comment) VALUES('" . $name . "','" . $comment . "')"; //echo $sql; $result = pg_query($dbh,$sql); if (!$result) { die("Error in SQL query: " . pg_last_error()); } echo"<br>"; echo"<table align='center'>"; echo"<tr>"; echo"<td>"; echo "<p style=font-size:10.0pt;color:#990000;text-align:center>Thank You for your comment <img src='site_pics/integrity_pass.png'></p>"; //echo "<p style=font-size:10.0pt;color:#FFFFFF>successfully commented!</p>"; echo"</td>"; echo"</tr>"; echo"</table>"; //free memory pg_free_result($result); //close connection pg_close($dbh); [/] Quote Link to comment Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 if (!empty($_POST['comment']) && preg_match('/[0-9a-z@,_.!:\'\s]+/im', $_POST['comment'])) { Quote Link to comment Share on other sites More sharing options...
Buti Othaniel Doubata Posted August 26, 2009 Author Share Posted August 26, 2009 yes i found it ...damn...i found it.....but i cant block them from sending "URL" s but have found a simple way for me not to display their URL comments. here we go....you are welcome to help make the code more stronger. // execute query $query = "SELECT name,comment,the_time,date FROM comments.vw_comments"; $result = pg_exec($dbh, $query); if ($result) { echo "<table width=300>"; for ($row = 0; $row < pg_numrows($result); $row++) { $name = pg_result($result, $row, 'name') . " "; $comment = pg_result($result, $row, 'comment') . " "; $the_time = pg_result($result,$row, 'the_time'). " "; $date = pg_result($result,$row, 'date'). " "; $comment = preg_replace('/<[^>]*>/', '', $comment); echo "<tr>"; echo "<td bgcolor=edecf1 width=300 style=font-size:8.0pt>"; echo "<img src=site_pics/comment.png><span style=color:#0000A0><b>$name</b>:</span>$comment<br /><span style=color:#7f7f81>$date $the_time</span>"; echo "</td>"; echo "</tr>"; //echo "<tr><td style='border-bottom: 15px solid #ffffff'><img src='application/images/for_fun.jpg'></td></tr>"; } echo "</table>"; } else { echo "The query failed with the following error:<br>\n"; echo pg_errormessage($dbh); } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.