
safe user form input method


richardjh


I have a form which includes a one line form input box for letting users add a link to another website. The website URL ALWAYS begins the same (e.g. http://www.theexternalwebsite.com/..) but it then contains a long string (to the relevant pages). I want to validate the form so that the user can only add this domain name and if he tries to add any other domain name he blows up.. erm I mean gets a rejected message.

 

So:

http://www.theexternalwebsite.com/6373737nnvv/44?-22-d-f&.. will be accepted

but

http://www.notannicesite/6373737nnvv/44?-22-d-f&.. would be refused.

 

I've been trying to do this using preg_match and eregi functions like:

if (!eregi("^[http://thesite.com/]+[a-z.]$",$url)) { 
echo 'wrong URL'; 
} else {
// allow this url into the database
}

 

thank you for your help

 

R


Well, you see each link will be different but the domain will be the same. Hence I want any link that starts with the given domain (e.g. http://www.myspace.com...) to be allowed but no other domain name. Then when a user adds say their own link to their myspace page (example only, I'm not actually linking to myspace) the link will be recognised as being a good link but if they try adding a link to any other domain name (say a link to their facebook page) it will be deemed no good.

 

thanks

 


not sure about teng84's suggestion - and I don't know that function - however you could always search for a ? and / - which usually finds the end of the domain name and beginning of directories or GET info -

 

all you would have to do is split the string at that point - and compare the first section to your own domain name.

 

you may also want to add in different features - so that a person can add:  domain.com/..... AND www.domain.com/... AND http://www.domain.com/...  - then validate those different inputs - using roughly the same method

 

 

good luck


or maybe this

$path = "http://www.theexternalwebsite.com/6373737nnvv/44?-22-d-f&..";
echo  dirname($path);

 

teng, your code outputs more than just the domain, I tried it and it echoes the domain plus the directory of the link. For instance this:

http://www.theexternalwebsite.com/dp/0593058003/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1199739941&sr=8-1

outputs as:

http://www.theexternalwebsite.com/dp/0593058003/

 

whereas I want just

http://www.theexternalwebsite.com

 

 

 

 


righto,

after much scratching of head, I now have this bit of code which I've added to form validate and *seems* to work:

 

  if (!preg_match ("/http:\/\/www\.myspace(.*)\.(.*)/i", $url)) { 
die ('Sorry, this isn\'t an acceptable link'); 
}

 

Could anyone see any problems/bugs with using this code? it stops ANY URL from getting through unless it matches http://www.myspace.com/whatever?whatever..etc << using myspace as an example here.

 

thanks for advice

 


Expressions are the way to go, but your expression will allow http://www.myspace.net (not .com) and http://www.myspacesomethingelse.com (different domain name altogether).

 

I recommend anyone working with expressions to buy:

http://www.regexbuddy.com

 

 


Well, I don't know how tight you want to make the checking, that's why I recommend that you try it out yourself by using programs such as regexbuddy.

 

Anyway, the following expression is a basic one where it asserts that at the beginning of the string it must have http://www.myspace.com or https://www.myspace.com. It doesn't care what might be after the .com. It just depends how thoroughly you want to validate things.

 

'/^https?:\/\/www\.myspace\.com/i'
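Added example, not part of any post in this thread: a host allow-list check built on PHP's parse_url(), run next to the two expressions posted above so the difference shows on the same inputs. It goes slightly beyond the thread by also rejecting non-http(s) schemes and URLs carrying a user@ part; ALLOWED_HOST, is_allowed_link() and the sample URLs are constructed for illustration.

```php
<?php
// Added example. ALLOWED_HOST and the sample URLs are constructed for illustration.
const ALLOWED_HOST = 'www.myspace.com';

// Accept only http(s) URLs whose parsed host is exactly the allowed host.
function is_allowed_link(string $url, string $allowedHost = ALLOWED_HOST): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;   // malformed, or no scheme/host (e.g. "www.myspace.com/x")
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;   // any scheme other than http/https
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;   // "something@host" form: the real host is after the @
    }
    // Compare the whole host, so a longer name that merely starts with it fails.
    return strcasecmp($parts['host'], $allowedHost) === 0;
}

// The two expressions posted in the thread, for comparison.
$loose  = '/http:\/\/www\.myspace(.*)\.(.*)/i';
$prefix = '/^https?:\/\/www\.myspace\.com/i';

$samples = [
    'http://www.myspace.com/6373737nnvv/44?-22-d-f',
    'https://WWW.MYSPACE.COM/profile?id=1',
    'http://www.myspace.net/page',
    'http://www.myspacesomethingelse.com/page',
    'http://www.myspace.com.other.example/page',
    'http://www.myspace.com@other.example/page',
    'http://other.example/?next=http://www.myspace.com/',
];

foreach ($samples as $url) {
    printf("%-52s loose=%d prefix=%d host=%d\n",
        $url,
        preg_match($loose, $url),
        preg_match($prefix, $url),
        (int) is_allowed_link($url));
}
```

If bare inputs such as www.domain.com/... should also be accepted, as suggested earlier in the thread, prepend a scheme before calling the check rather than loosening the host comparison.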

 
