form security

[cdoggg94]

i want to make a form that has a name, subject, email and comment input box... this is all done and working.

 

the thing i am having trouble with is making the comment box not allow links in it.

 

i thought it would be something like:

 

if("comments" == "<a href=''></a>"){

echo "You have Entered the Wrong Information";

}else{

 

Insert Record Code..

 

}

 

the "comments" name is the name of the comment text box.

 

is this anywhere near what it should be ?

[AbraCadaver]

is this anywhere near what it should be ?

 

No.  Do you want to strip out the links or just reject the submission?

[ale8oneboy]

Are you looking to not allow links/urls at all or just eliminate html tags? You could try 'strip_tags' function after form submit.

 

Take a look at: http://php.net/manual/en/function.strip-tags.php

[cdoggg94]

i want to reject the submission all together

[cdoggg94]

i have been getting spammed a lot but i dont want to have to make people have to sign up and i thought that maybe disallowing links in that would would be a quick solution

[AbraCadaver]

Lot's of ways, maybe:

 

if(stripos($_POST['comments'], '<a ') !== false) {
   die('Die spammer die!');
}

[cdoggg94]

haha ill try that or something similar..

 

thanks a lot for your help either way

[cdoggg94]

it wasnt woking but could something like this have the same type of outcome ?

 

if(stripos($_POST['Comment'], '<a ') == true) {

  die('Die spammer die!');

 

}

 

 

[cdoggg94]

never mind it works fine

[zenlord]

Using the filters that come with PHP 5.2, you could validate or sanitize this very easily - they have a check for URL...

[cdoggg94]

ill definitely look into it

you have been very helpful

 

thanks again