R0CKY Posted January 15, 2007 Share Posted January 15, 2007 I have been trying all evening to get a couple of condition checks inserted into an existing php page, but I am not having much luck.What I am tying to do is ensure that no URLs are accepted in a form field $text, the conditions I planned on using were..[code]if (strpos($text, "http") === false)if (strpos($text, "com") === false) [/code]The part of the code that inserts the data into the database follows, can anyone help my apply my two conditions so that the data will only be inserted into the database if the the $text is not a url?[code]if ($expostprotect != 0 AND $_GET['comments'] == 'add'){ smarty_redirect(lang('minuteprotection'), 'index.php?act=view&id='.$_GET['id'].'');}elseif ($nopostallowed < $max AND $_GET['comments'] == 'add'){ if ($_POST['com']['text'] == TRUE AND $_POST['com']['name'] == TRUE AND $_POST['com']['title'] == TRUE) { $db->insert('comments', array( array('file_id', xhtml_convert($_GET['id'])), array('news_id', ''), array('comments_text', xhtml_convert($_POST['com']['text'])), array('comments_poster', xhtml_convert($_POST['com']['name'])), array('comments_ip', xhtml_convert($_SERVER['REMOTE_ADDR'])), array('comments_title', xhtml_convert($_POST['com']['title'])), array('comments_time', time()) )); smarty_redirect(lang('comment_p'), 'index.php?act=view&id='.$_GET['id'].''); } else { smarty_redirect('The <b>'.lang('comment_title').'</b>, <b>'.lang('comment_name').'</b> or the <b>comment itself</b> is not filled in.', 'index.php?act=view&id='.$_GET['id'].''); }}elseif ($nopostallowed != 0 AND $_GET['comments'] == 'add'){ smarty_redirect(lang('comment_flood'), 'index.php?act=view&id='.$_GET['id'].'');}[/code]Many thanks for any help, I have been going mad over this. Quote Link to comment Share on other sites More sharing options...
R0CKY Posted January 16, 2007 Author Share Posted January 16, 2007 No help? ??? Quote Link to comment Share on other sites More sharing options...
scott212 Posted January 16, 2007 Share Posted January 16, 2007 I think it's generally better to focus on what you DO want in the blank, that will help you weed out the unknown attack. What are you trying to except? Is it a name? number? email? Regular expressions are key in data validation.I generally work it something like this:$error = 0;$test_alpha = "[a-zA-Z]{1,25}"; // regular expression: must only be upper or lower case letters and at least 1 and no more than 25if (ereg($test_alpha, $input)) { // if the input meets the conditions of the regular expression, do stuff do stuff;} Quote Link to comment Share on other sites More sharing options...
R0CKY Posted January 16, 2007 Author Share Posted January 16, 2007 It's a comments field, anything can go in it, but to weed out spam I want to use the aboce check to prevent any comments that contain a URL. Quote Link to comment Share on other sites More sharing options...
R0CKY Posted January 16, 2007 Author Share Posted January 16, 2007 I got it working, mainly by copy pasting simlar code from the same script, I have no idea what it means (especially the 3 ===), but it works ;)[code] if (strpos(xhtml_convert($_POST['com']['text']), "http") === false) { if (strpos(xhtml_convert($_POST['com']['text']), "www") === false) {[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.