Jump to content


Photo

stop users putting links in my guestbook


  • Please log in to reply
4 replies to this topic

#1 dimjnrbrown

dimjnrbrown
  • New Members
  • Pip
  • Newbie
  • 2 posts
  • LocationNewport, S.Wales, U.K.

Posted 24 February 2006 - 10:00 PM

I've got a php guestbook which i built myself and it works fine.
But I've got idiots going on there and they just keep putting links within their messages
advertising their own sites which is very annoying.
Is there a way to stop this by not allowing certain characters, for example '<' or '>'
cheers in advance

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 24 February 2006 - 10:18 PM

Look at the function [a href=\"http://www.php.net/strip_tags\" target=\"_blank\"]strip_tags[/a]().

Ken

#3 benwhitmore

benwhitmore
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 25 February 2006 - 11:58 AM

you could search the posted variable for invalid characters?



foreach (count_chars($your_posted_variable, 1) as $i) {
$string=chr($i);
if ($string=="&"){
echo "You cannot use that character";
}


the above code will search your posted variable for '&'. If this character is found, an error message is displayed. I havent tried the code but I think the syntax is correct (ive just woken up..lol)

Hope this helps

#4 RedAlert

RedAlert
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 29 March 2006 - 06:27 PM

I am a total newbie and got a finished script for my guestbook. Recently I´ve started to get problems with people spamming my guestbook, so I´d like to use this string you´ve written in this thread. But when I tried to copy it into my guestbook it siezed to work at all. Any idea where in the script i should put the string in order to getting it work?

The URL to my guestbook is [a href=\"http://www.themovements.com/guestshow.php\" target=\"_blank\"]http://www.themovements.com/guestshow.php[/a]

Thanks
/Gustaf

#5 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 29 March 2006 - 09:00 PM

I suggest looking for url's in the posted variables, this will do:

<?

$content = $_POST['message_body']; // or whatever

$url_match = "^(((http|ftp|https)://)|(www\.))+(([a-zA-Z0-9\._-]+\.[a-zA-Z]{2,6})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(/[a-zA-Z0-9\&%_\./-~-]*)?^";

if (preg_match($url_match, $content))
{
echo "A url was found in your post, Not allowed - mission aborted.";
exit ();
}
else
{
// continue with submission here, no url found


}

?>

And to RedAlert, you must post a code in order for anyone to help you out on why it stopped working...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users