stop users from entering too many chars.

[stefsoko]

How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150?

 

<form method="post" action="chat.php">
<p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15">
<input name="message" type="text" id="message" value="your message" size="20" maxlength="150">
<input name="submit" type="submit" id="submit"></p>
</form>
</body>
</html>
<?php

// when the submit button is clicked
if(isset($_POST['submit']))
{

// strip any html tags before continuing
$name=strip_tags($_POST['name']);
$message=strip_tags($_POST['message']);

// stop if nothing was entered
if($name!='')
if($message!='')
{

// trim any extra whitespace
$data=trim($name)."\n";
$data.=trim($message)."\n";

//open the text file and enter the data
$file_ar=file("db.txt");
$fp=fopen("db.txt","w");
fputs($fp,$data);
if($file_ar!=NULL)
{
$loop=0;
foreach($file_ar as $line)
{

// do not store more than 20 messages
if($loop>=19*3) break;
fputs($fp,$line);
$loop++;
}
}
fclose($fp);
}
}

// display the messages
$fp=fopen("db.txt","r");
while(!feof($fp))
{
$name=trim(fgets($fp,999));
$message=trim(fgets($fp,999));
if($name!='')
{
echo "<p><b>$name: </b>$message</p>";
}
}
fclose($fp);
?>

[Krash]

 

The maxlength parameter will prevent the user from inputting more than the specified number of characters, so you shouldn't have to check for it.

 

 

[.josh]

The maxlength parameter will prevent the user from inputting more than the specified number of characters, so you shouldn't have to check for it.

 

...which can easily be circumvented.  You should never validate client-side.  You can find out the length of the string using strlen().  Make a condition that checks if string is greater than amount of chars you want to limit it by.

 

[Krash]

 

Just curious, but why would anyone want to circumvent maxlength?  Can malicious code be posted that way?

 

 

[Pikachu2000]

People will try to circumvent things just to be an asshat and see if they can.

[cssfreakie]

 

Just curious, but why would anyone want to circumvent maxlength?  Can malicious code be posted that way?

people can order a pizza for 1 cent in a similar way. if the website is made by monkeys.

 

http://advosys.ca/papers/web/61-web-security.html#hidden

[perky416]

Hi Stefsoko,

 

As Crayon Violent suggested, i use strlen().

 

An example you might use could be:

	if (strlen($message) < 15 || strlen($message) > 150)
	{
		echo "Your message must be between 15 and 150 characters!";
	}

[cyberRobot]

The maxlength parameter will prevent the user from inputting more than the specified number of characters, so you shouldn't have to check for it.

 

...which can easily be circumvented.  You should never validate client-side.  You can find out the length of the string using strlen().  Make a condition that checks if string is greater than amount of chars you want to limit it by.

 

You may want to consider using both maxlength and strlen(). Client-side validation can be circumvented, but that doesn't mean you should never use it. Client-side validation has it's place but I agree that you shouldn't depend on it.