Security Features Not Working - Discussion Script

justlukeyou · June 2, 2012

Hi,

I am trying to write a discussion script however I can seem to get the security features to work so people can only enter letters and numbers. Does anyone know the right way to do this?

if(isset($_POST['form_id'])){
    $category = mysql_real_escape_string(trim($_POST['category']));
    $question = mysql_real_escape_string(trim($_POST['question']));
    $comments = mysql_real_escape_string(trim($_POST['comments']));
    $error = false;
    
    if(!isset($question) || empty($question)) {
        $error = "Please enter a question.";
    }


    if(preg_match("/[a-zA-Z0-9]{1,}$/", $question) == 0 && !$error) {
        $error = "The question you entered must contain only letters or numbers.";
    }
    
    if(preg_match("/[a-zA-Z0-9]{1,}$/", $comments) == 0 && !$error) {
        $error = "The comments you entered must contain only letters or numbers.";
    }
    
   
    if(!$error) {
        $query = mysql_query("INSERT INTO discussion (category, question, comments) VALUES ('".$category."', '".$question."', '".$comments."')");
        if($query) {
        } else {
            $error = "There was a problem with the submission. Please try again.";
        }
    }
}

scootstah · June 2, 2012

The pattern would be: /[a-z0-9\s]+/i

However, is that really what you want to do? What about punctuation?

justlukeyou · June 2, 2012

Hi,

What would you recommend? I have it working now so it enters only letters and numbers, but how do I echo the messages?

Do I echo errors?

<ul >


<li id="li_3" >

<label class="description" for="element_3">Choose Category:</label>

<select  class="element select medium" id="category" name="category"> 

<option value="" selected="selected">Please Choose a Category:</option>

<option value="Bedroom" >Bedroom</option>

<option value="Dining Room" >Dining Room</option>

<option value="Living Room" >Living Room</option>

<option value="Office" >Office</option>

<option value="Home Furnishings" >Home Furnishings</option>

<option value="Clearance" >Clearance</option>


</select>


</li>		
<li id="li_1" >

<label class="description" for="element_1">Your Question:</label>

<div>

<input id="element_1" name="question" class="element text medium" type="text" maxlength="300" value="<?php if($_POST['question']) echo $_POST['question']; ?>" /> 

</div> 

</li>		
<li id="li_2" >

<label class="description" for="element_2">Comments:</label>

<div>

<textarea id="element_2" name="comments" class="element textarea medium" value="<?php if($_POST['comments']) echo $_POST['comments']; echo $_POST['comments'];?>"></textarea> 

</div> 

</li>


<li class="buttons">
		    
<input type="hidden" name="form_id" value="submit" />
		    

<input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" />

</li>

</ul>

Drummin · June 2, 2012

For textareas, echo between tags.

<textarea id="element_2" name="comments" class="element textarea medium"><?php if(isset($_POST['comments'])){ echo "{$_POST['comments']}";} ?></textarea>

justlukeyou · June 2, 2012

Oh I see so I simply add echo in front of the error code

    if(preg_match("/[a-zA-Z0-9]{1,}$/", $comments) == 0 && !$error) {
  echo    $error = "The comments you entered must contain only letters or numbers.";
    }

With the comments it means that someone has to enter a letter, is it possible to adapt the code so that someone can leave the comments blank?

Sign In

Security Features Not Working - Discussion Script

Recommended Posts

justlukeyou

Link to comment

Share on other sites

scootstah

Link to comment

Share on other sites

justlukeyou

Link to comment

Share on other sites

Drummin

Link to comment

Share on other sites

justlukeyou

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information