dannybrazil Posted April 2, 2008

Hello, I have this code:

    // ------------VALIDATION OF THE FIELDS----------------
    $i = 0;
    for ($i = 0; $i < count($ndfieldname); $i++) {
        // Check for injected values, but skip uploaded file fields that always contain %a and %0d
        if ($i < count($ndfieldname) - count($_FILES)) {
            $crack_value = urldecode($ndfieldvalue[$i]);
            // Reject raw or URL-encoded line breaks and e-mail header keywords
            if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:)", $crack_value)) {
                $error .= "The field $ndfieldname[$i] contained e-mail headers in the value submitted. This seems to be a cracking attempt and the message has not been sent.!\n";
                echo "Fieldvalue = $ndfieldvalue[$i] <br>";
            }
        }
    }

In my form I have a box where the user can write as much as he wants (a post). When I write something like "hello" there, it's OK, it passes the check. When I write something like "hello hello, whats up and so on" (more than one word, with spaces), it gives me the error message. Any help?
uniflare Posted April 2, 2008

Instead of

    if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {

use:

    if (preg_match("/\A[a-zA-Z0-9\.,'\[\]\(\)\{\}&£\$\!\";\/\?#_@ -]*$/i", $crack_value) == 0)

The above if statement will only allow a-z upper or lower case, 0-9, comma, period, single quote, double quote, square brackets, parenthesis { }, smooth brackets, ampersand &, pound sterling symbol £, dollar symbol $, exclamation mark !, semi-colon ;, forward slash, question mark, pound sign #, underscore _, at symbol @, space, and dash.

Hope this helps.
dannybrazil (Author) Posted April 2, 2008

Hi, what's the difference between eregi and preg_match?
dannybrazil (Author) Posted April 2, 2008

Didn't work. Here's what I get (I did it on purpose so that the writing would be crazy, but not dangerous):

    Fieldvalue = wowowowowowow gggggggggggggg ggggggggggg gggggggggggg gggggggggggg gggggg gggggggggggggggggggggggggggggggg ggggggggggggggggggggg
    Warning: Cannot modify header information - headers already sent by (output started at /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php:264) in /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php on line 359
    Error = The field posting_discription contained e-mail headers in the value submitted. This seems to be a cracking attempt and the message has not been sent.!
    Errorpage = http://www.brasilwebdesign.com/ABVFP/errorpage.php
bozebo Posted April 6, 2008

"what's the difference between eregi and preg_match?"

The primary difference is what they return. ereg "Returns the length of the matched string if a match for pattern was found in string, or FALSE if no matches were found or an error occurred.", whereas preg_match "returns the number of times pattern matches. That will be either 0 times (no match) or 1 time because preg_match() will stop searching after the first match". preg_match also has some other arguments for more complicated uses.
effigy Posted April 7, 2008

"what's the difference between eregi and preg_match?"
"The primary difference is what they return"

This is incorrect. See this post.
uniflare Posted April 7, 2008

FYI, preg uses Perl-compatible patterns; ereg doesn't, to my knowledge.

dannybrazil, can you explain the problem in more depth, with some code?
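An added example, not code from the thread, showing one way to do the same check with preg_match: fields that end up in mail headers must be a single line, while the free-text box (assumed here to be posting_discription, the field named in the error output above) is allowed to contain line breaks. Note that the original pattern's \r|\n alternation rejects any line break, which a multi-line text box naturally contains; the field names and sample submissions below are constructed.

```php
<?php
// Added example, not the thread's code: the header-injection check rewritten with
// preg_match and applied only to single-line header fields. Field names are assumed.

// True if a header-bound value (name, address, subject) could smuggle extra headers.
function looks_like_header_injection(string $value): bool
{
    $decoded = urldecode($value);
    // Raw CR/LF, a still URL-encoded CR/LF, or a header keyword at the start of the value
    return preg_match('/[\r\n]|%0[ad]|^\s*(?:content-type|bcc|cc|to|from)\s*:/i', $decoded) === 1;
}

// True if free-text body content holds control characters other than line breaks and
// tabs; invalid UTF-8 makes preg_match return false and is rejected as well.
function body_has_control_chars(string $value): bool
{
    return preg_match('/[^\P{C}\r\n\t]/u', $value) !== 0;
}

// Validate a submitted form; $body_fields names the fields allowed to span several lines.
function validate_form(array $fields, array $body_fields): array
{
    $errors = [];
    foreach ($fields as $name => $value) {
        if (in_array($name, $body_fields, true)) {
            if (body_has_control_chars($value)) {
                $errors[] = "The field $name contains control characters.";
            }
        } elseif (looks_like_header_injection($value)) {
            $errors[] = "The field $name contained e-mail headers in the value submitted.";
        }
    }
    return $errors;
}

// Constructed sample submissions (posting_discription is the text box from the thread)
$body_fields = ['posting_discription'];
$ok = [
    'name'                => 'Danny',
    'email'               => 'danny@example.com',
    'posting_discription' => "hello hello, whats up\nand so on, over several lines",
];
$bad = [
    'name'                => 'Danny',
    'email'               => "danny@example.com%0ABcc: someone-else@example.com",
    'posting_discription' => 'hello',
];
var_dump(validate_form($ok, $body_fields));
var_dump(validate_form($bad, $body_fields));
```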