justlukeyou Posted June 2, 2012 Share Posted June 2, 2012 Hi, I am trying to write a discussion script however I can seem to get the security features to work so people can only enter letters and numbers. Does anyone know the right way to do this? if(isset($_POST['form_id'])){ $category = mysql_real_escape_string(trim($_POST['category'])); $question = mysql_real_escape_string(trim($_POST['question'])); $comments = mysql_real_escape_string(trim($_POST['comments'])); $error = false; if(!isset($question) || empty($question)) { $error = "Please enter a question."; } if(preg_match("/[a-zA-Z0-9]{1,}$/", $question) == 0 && !$error) { $error = "The question you entered must contain only letters or numbers."; } if(preg_match("/[a-zA-Z0-9]{1,}$/", $comments) == 0 && !$error) { $error = "The comments you entered must contain only letters or numbers."; } if(!$error) { $query = mysql_query("INSERT INTO discussion (category, question, comments) VALUES ('".$category."', '".$question."', '".$comments."')"); if($query) { } else { $error = "There was a problem with the submission. Please try again."; } } } Quote Link to comment Share on other sites More sharing options...
scootstah Posted June 2, 2012 Share Posted June 2, 2012 The pattern would be: /[a-z0-9\s]+/i However, is that really what you want to do? What about punctuation? Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted June 2, 2012 Author Share Posted June 2, 2012 Hi, What would you recommend? I have it working now so it enters only letters and numbers, but how do I echo the messages? Do I echo errors? <ul > <li id="li_3" > <label class="description" for="element_3">Choose Category:</label> <select class="element select medium" id="category" name="category"> <option value="" selected="selected">Please Choose a Category:</option> <option value="Bedroom" >Bedroom</option> <option value="Dining Room" >Dining Room</option> <option value="Living Room" >Living Room</option> <option value="Office" >Office</option> <option value="Home Furnishings" >Home Furnishings</option> <option value="Clearance" >Clearance</option> </select> </li> <li id="li_1" > <label class="description" for="element_1">Your Question:</label> <div> <input id="element_1" name="question" class="element text medium" type="text" maxlength="300" value="<?php if($_POST['question']) echo $_POST['question']; ?>" /> </div> </li> <li id="li_2" > <label class="description" for="element_2">Comments:</label> <div> <textarea id="element_2" name="comments" class="element textarea medium" value="<?php if($_POST['comments']) echo $_POST['comments']; echo $_POST['comments'];?>"></textarea> </div> </li> <li class="buttons"> <input type="hidden" name="form_id" value="submit" /> <input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" /> </li> </ul> Quote Link to comment Share on other sites More sharing options...
Drummin Posted June 2, 2012 Share Posted June 2, 2012 For textareas, echo between tags. <textarea id="element_2" name="comments" class="element textarea medium"><?php if(isset($_POST['comments'])){ echo "{$_POST['comments']}";} ?></textarea> Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted June 2, 2012 Author Share Posted June 2, 2012 Oh I see so I simply add echo in front of the error code if(preg_match("/[a-zA-Z0-9]{1,}$/", $comments) == 0 && !$error) { echo $error = "The comments you entered must contain only letters or numbers."; } With the comments it means that someone has to enter a letter, is it possible to adapt the code so that someone can leave the comments blank? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.