
PHP code help


dannybrazil


Hello

I have this code:

// ------------VALIDATION OF THE FIELDS----------------
//
//$i = 0;
//for ($i = 0; $i < count($ndfieldname); $i++) {
//
// Check for injected values, but skip uploaded file fields that always contain %a and %0d
//
//if ($i < count($ndfieldname) - count($_FILES)) {
//
//$crack_value = urldecode($ndfieldvalue[$i]);
//if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {
//$error .= "The field $ndfieldname[$i] contained e-mail headers in the value submitted.
//  This seems to be a cracking attempt and the message has not been sent.!\n";
//  echo "Fieldvalue = $ndfieldvalue[$i] <br>";
//}
//}


And in my form I have a box where the user can write as much as he wants (a post).

When I'm writing something there like: "hello", IT'S OK, it passes the check.

When I'm writing something like: " hello hello , whats up and so on" (more than one word with spaces)

it gives me the error message.

Any help?

Link to comment
https://forums.phpfreaks.com/topic/99180-php-code-help/

Instead of

if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {

 

use:

 

if(preg_match("/\A[a-zA-Z0-9\.,'\[\]\(\)\{\}&£\$\!\";\/\?#_@ -]*$/i",$crack_value) == 0)

 

The above if statement will only allow a-z upper or lower case, 0-9, comma, period, single quote, double quote, square brackets, parenthesis { }, smooth brackets, ampersand &, pound sterling symbol £, dollar symbol $, exclamation mark !, semi-colon ;, forward slash, question mark, pound sign #, underscore _, at symbol @, space, and dash.

 

Hope this helps,

Link to comment
https://forums.phpfreaks.com/topic/99180-php-code-help/#findComment-507438

Didn't work, here's what I get: (I did it on purpose so that the writing would be crazy, but not dangerous)

Fieldvalue = wowowowowowow gggggggggggggg ggggggggggg gggggggggggg gggggggggggg gggggg gggggggggggggggggggggggggggggggg ggggggggggggggggggggg

 

Warning: Cannot modify header information - headers already sent by (output started at /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php:264) in /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php on line 359

Error = The field posting_discription contained e-mail headers in the value submitted. This seems to be a cracking attempt and the message has not been sent.!

Errorpage = http://www.brasilwebdesign.com/ABVFP/errorpage.php

Link to comment
https://forums.phpfreaks.com/topic/99180-php-code-help/#findComment-507476

What's the difference between:

eregi AND preg_match?

The primary difference is what they return. ereg "Returns the length of the matched string if a match for pattern was found in string, or FALSE if no matches were found or an error occurred." whereas preg_match "returns the number of times pattern matches. That will be either 0 times (no match) or 1 time because preg_match() will stop searching after the first match".

preg_match also has some other arguments for more complicated uses.

Link to comment
https://forums.phpfreaks.com/topic/99180-php-code-help/#findComment-510470
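
The check discussed in this thread, as an added example that is not part of any post above: it rewrites the original header test with preg_match and applies it only to fields that end up in mail headers, so a multi-line textarea value such as posting_discription is not rejected for its line breaks. The sender_email and subject field names, the function names and the sample submissions are assumptions constructed for illustration, and the example assumes posting_discription is used only in the message body.

```php
<?php
// Added example: everything except the posting_discription field name and
// the header pattern is hypothetical and constructed for illustration.

/**
 * Returns true when $value could inject an extra mail header: a raw CR/LF,
 * a %0a/%0d still encoded after one urldecode(), or one of the header names
 * from the thread's original pattern.
 */
function looks_like_header_injection(string $value): bool
{
    $decoded = urldecode($value);
    // preg_match() returns 1 on a match, 0 on no match, false on error.
    return preg_match('/[\r\n]|%0a|%0d|content-type:|bcc:|cc:|to:/i', $decoded) === 1;
}

/**
 * Checks only the fields named in $headerFields; body fields may legitimately
 * contain line breaks. Returns a list of error strings (empty when clean).
 */
function validate_fields(array $fields, array $headerFields): array
{
    $errors = [];
    foreach ($fields as $name => $value) {
        if (in_array($name, $headerFields, true) && looks_like_header_injection($value)) {
            $errors[] = "The field $name contained e-mail headers in the value submitted.";
        }
    }
    return $errors;
}

// Constructed sample submissions.
$headerFields = ['sender_email', 'subject'];
$multiLinePost = [
    'sender_email'        => 'user@example.com',
    'subject'             => 'Hello there',
    'posting_discription' => "hello hello ,\r\nwhats up and so on",
];
$injectedHeaders = [
    'sender_email'        => "user@example.com\r\nBcc: other@example.com",
    'subject'             => 'Hello%0d%0aCc: other@example.com',
    'posting_discription' => 'one line',
];

var_dump(validate_fields($multiLinePost, $headerFields));
var_dump(validate_fields($injectedHeaders, $headerFields));
```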

Archived

This topic is now archived and is closed to further replies.
