PHP code help


dannybrazil

Hello

I have this code:

// ------------VALIDATION OF THE FIELDS----------------
//
// $ndfieldname / $ndfieldvalue hold the submitted field names and values;
// the last count($_FILES) entries belong to uploaded files.
$error = '';
for ($i = 0; $i < count($ndfieldname); $i++) {
    // Check for injected values, but skip uploaded file fields that always contain %a and %0d
    if ($i < count($ndfieldname) - count($_FILES)) {
        $crack_value = urldecode($ndfieldvalue[$i]);
        // eregi() is a case-insensitive POSIX regex match (deprecated since PHP 5.3, removed in 7.0).
        // "\r" and "\n" inside the double-quoted string are literal CR and LF characters.
        if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {
            $error .= "The field $ndfieldname[$i] contained e-mail headers in the value submitted.
  This seems to be a cracking attempt and the message has not been sent.!\n";
            echo "Fieldvalue = $ndfieldvalue[$i] <br>";
        }
    }
}

and in my form I have a box where the user can write as much as he wants (a post).

When I'm writing there something like "hello", it's OK, it passes the check.

When I'm writing something like "hello hello, what's up and so on" (more than one word with spaces),

it gives me the error message.

Any help?


Instead of

if (eregi("(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:|content-type:)", $crack_value)) {

use:

if (preg_match("/\A[a-zA-Z0-9\.,'\[\]\(\)\{\}&£\$\!\";\/\?#_@ -]*$/i", $crack_value) == 0) {

The above if statement will only allow a-z upper or lower case, 0-9, comma, period, single quote, double quote, square brackets, parenthesis { }, smooth brackets, Ampersand &, Pound Sterling Symbol £, Dollar Symbol $, Exclamation Mark !, Semi-colon ;, forward slash, question mark, pound sign #, underscore _, at symbol @, space, and dash.

Hope this helps,


Didn't work, here's what I get (I did it on purpose so that the writing would be crazy, but not dangerous):

Fieldvalue = wowowowowowow gggggggggggggg ggggggggggg gggggggggggg gggggggggggg gggggg gggggggggggggggggggggggggggggggg ggggggggggggggggggggg

 

Warning: Cannot modify header information - headers already sent by (output started at /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php:264) in /home/rgajsgjb/public_html/ABVFP/dbts_abvfp.php on line 359

Error = The field posting_discription contained e-mail headers in the value submitted. This seems to be a cracking attempt and the message has not been sent.!

Errorpage = http://www.brasilwebdesign.com/ABVFP/errorpage.php


What's the difference between eregi and preg_match?

 

The primary difference is what they return. ereg "Returns the length of the matched string if a match for pattern was found in string, or FALSE if no matches were found or an error occurred," whereas preg_match "returns the number of times pattern matches. That will be either 0 times (no match) or 1 time because preg_match() will stop searching after the first match."

 

preg_match also has some other arguments for more complicated uses.
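An added example (mine, not code from the thread or from the ABVFP script) showing the preg_match() form of the header-injection check from the replies above, and the caveat the thread's own output suggests: a free-text body field can legitimately contain line breaks, so the CR/LF check belongs on the fields that end up in mail headers. Field names and sample inputs are constructed.

```php
<?php
// Reject values carrying CR/LF (raw or URL-encoded) or e-mail header
// keywords: these are what an injected header into mail() depends on.
// preg_match() returns 1 on match, 0 on no match, false on error.
function contains_mail_header_injection(string $value): bool
{
    $value = urldecode($value);
    return preg_match('/(\r|\n|%0a|%0d|content-type:|bcc:|cc:|to:)/i', $value) === 1;
}

// Fields copied into mail headers (name, e-mail, subject) must never contain
// a line break. A multi-line body is legitimate: normalise it instead of
// rejecting it, and keep it out of the headers entirely.
function validate_contact_form(array $fields, array $header_fields): array
{
    $errors = [];
    foreach ($fields as $name => $value) {
        if (in_array($name, $header_fields, true)) {
            if (contains_mail_header_injection($value)) {
                $errors[] = "The field $name contained e-mail headers in the value submitted.";
            }
        } else {
            // Body text: collapse CRLF / CR to LF so mail() receives a clean body.
            $fields[$name] = preg_replace("/\r\n?/", "\n", $value);
        }
    }
    return ['errors' => $errors, 'fields' => $fields];
}

// Constructed inputs: a harmless multi-word, multi-line post, and a value
// that smuggles a header line into the e-mail field.
$header_fields = ['name', 'email', 'subject'];
$ok = validate_contact_form([
    'name'                => 'Danny',
    'email'               => 'danny@example.com',
    'subject'             => 'hello',
    'posting_discription' => "hello hello , whats up\r\nand so on",
], $header_fields);
$bad = validate_contact_form([
    'name'                => 'Danny',
    'email'               => "danny@example.com\r\nBcc: someone@example.com",
    'subject'             => 'hello',
    'posting_discription' => 'hello',
], $header_fields);

var_dump(count($ok['errors']) === 0);   // the multi-line post is accepted
var_dump(count($bad['errors']) === 1);  // the header-bearing e-mail field is rejected
```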
