MySQL_Narb Posted October 15, 2009 Share Posted October 15, 2009 I have a from, actually, a good amount of forms. How can I make it so you can't type the characters: '!~*&^%().;-_ in the form? Where it completely blocks those characters. Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/ Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 if (!preg_match("/^[-_a-zA-Z0-9]+$/", $_POST['test'])) { //If what your wanting contains those illegal characters... echo "Contains illegal characters"; } Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937238 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 Thank you! Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937239 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 Wait, when I added it, everytime I try and post it doesn't work. It keeps saying illegal characters, test here: http://chataddict.netau.net/index.php Username: demo Pass: demo Code: <?php require "global_settings.php"; ?> <title><?php echo $sitetitle; ?></title> <center><style type="text/css"> a:link { color:#24374C; text-decoration:bold; } a:visited { color:#24374C; text-decoration:bold; } a:active { outline: none; color:#24374C; text-decoration:bold; } body {background-color:#b0c4de} div.box { width:250px; padding:10px; border:3px double #000000; margin:10px; background-color:#74AFF2; } p { border-top-style:dotted; border-right-style:solid; border-bottom-style:dotted; border-left-style:solid; } div.menu-blue { BORDER-RIGHT: #333366 1px solid; BORDER-LEFT: #6699cc 1px solid; BORDER-TOP: #6699cc 1px solid; BORDER-BOTTOM: #333366 1px solid; FONT-WEIGHT: normal; FONT-SIZE: 2px; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; BACKGROUND-COLOR: #23559C; TEXT-DECORATION: none; font-stretch : condensed; } .menu-top { BORDER-RIGHT: 1px solid #333366; BORDER-TOP: 1px solid #6699CC; FONT-WEIGHT: normal; FONT-SIZE: 2px; BORDER-LEFT: 1px solid #6699CC; COLOR: #FFFFFF; BORDER-BOTTOM: 1px solid #333366; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; BACKGROUND-COLOR: #23559C; TEXT-DECORATION: none; font-stretch : condensed } </style> <center> <div class='menu-blue'> <div align="center"> <table width="600" cellspacing="1" cellpadding="5" style="background-color:#23559C"> <tr> <td style="background-color:#FFFFFF"> <div align="center"> <table border="0"> </form> </table> <?php $con = mysql_connect("$dbhost", "$dbuser", "$dbpassword") or die(mysql_errno()); if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $_POST = array_map('stripslashes', $_POST); } $name = mysql_real_escape_string($_POST['name']); $message = mysql_real_escape_string($_POST['message']); if (!preg_match("/^[-_a-zA-Z0-9]+$/", $message)) { echo "<div class='box'>Contains illegal characters!</div>"; } else { if (!$name) { echo "<div class='box'><b><span style='color:red'>You must be logged in to post!</span></b></div>"; } else { //connect $connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!"); mysql_select_db("$db") or die("Database fail!"); //write $write = mysql_query("INSERT INTO posts VALUES ('','$name','$message')") or die(mysql_error()); echo "<div class='box'><font face='arial'><b><span style='color:green'>Posted! Your name was:</span> $name</b> - Your message was....<br><br><b>$message - <a href='index.php'>View it!</a></b>"; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937241 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 Are you replacing $_POST['test'] with $_POST['message'] , as the i gave above says that. Also add an "exit;" at the end, before the "}" Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937243 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 if (!preg_match("/^[-_a-zA-Z0-9]+$/", $_POST['message'])) { echo "<div class='box'>Contains illegal characters!</div>"; exit } = Parse error: syntax error, unexpected '}' in /home/a5488351/public_html/post.php on line 88 Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937247 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 replace if (!preg_match("/^[-_a-zA-Z0-9]+$/", $_POST['message'])) { echo "<div class='box'>Contains illegal characters!</div>"; } exit with if (!preg_match("/^[-_a-zA-Z0-9]+$/", $_POST['message'])) { echo "<div class='box'>Contains illegal characters!</div>"; exit; } Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937251 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 Still gives me the same crap! "Contains Illegal Characters" When I type in regular text, like: AAA and aaa I know it has something to do with "/^[-_a-zA-Z0-9]+$/" But what? Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937252 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 Let's test something.. replace <textarea name="message" rows="10"></textarea> with <input type=text name=message> see if that helps, it will be a smaller box, but this is for tests Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937253 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 I'll try it, and I'll edit this message when I'm done. Still the same thing. Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937254 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 It's working now. I don't know why it decides to work now... Thank you! Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937256 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 Once again, I found another error. You cannot use spaces or 's...or anything really! Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937257 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 Sorry, i feel very dumb.. replace all you have with this: remove any characters contained in the slashes you dont want out: so you can remove any of this: ^[-_a-zA-Z0-9]+$ if (preg_match("/^[-_a-zA-Z0-9]+$/", $_POST['message'])) { echo "<div class='box'>Contains illegal characters!</div>"; exit; } Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937258 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 But it still won't allow periods, quotations, spaces, etc. Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937260 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 Ok so a much quicker and easier way to do this would be: $message = strip_tags($_POST['message']); then replace: echo $_POST['message']; with echo "$message"; Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937262 Share on other sites More sharing options...
MySQL_Narb Posted October 15, 2009 Author Share Posted October 15, 2009 Why do you have echo "$message"; ? When messages are posted they are stored in the database and viewed by extracting that data. Whats echo "$message"; suppose to be? Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937265 Share on other sites More sharing options...
slyte33 Posted October 15, 2009 Share Posted October 15, 2009 $message = strip_tags($_POST['message']); $message is the same thing as echoing out the actual post, except this will strip all html tags from it. Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937268 Share on other sites More sharing options...
Zane Posted October 15, 2009 Share Posted October 15, 2009 you have your preg_match wrong.. the ^ (carrot) should be inside the brackets. if (preg_match("/[^-_a-zA-Z0-9]+/", $_POST['test'])) Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937350 Share on other sites More sharing options...
cags Posted October 15, 2009 Share Posted October 15, 2009 "/[^-_a-zA-Z0-9]+/" Will match one or more of any character other than those listed. ^[-_a-zA-Z0-9]+$ Will match if the string consists of only the allowed characters. Are they not both equally viable options? The only difference is whether you consider the item as validated when preg_match returns true or false. you have your preg_match wrong.. the ^ (carrot) should be inside the brackets. Is that not a caret character as opposed to an orange vegetable? Quote Link to comment https://forums.phpfreaks.com/topic/177755-how-would-i-protect/#findComment-937357 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.