Searching my Array for values containing a specific character - php

I am developing a Website that is using HTML Valid Tags stored within an array for comparison against the users input into the system. I have currently developed the Array which contains all the of the HTML Tags that i require. I have also developed a function which validates the user input against data that is stored within the array.
If it is valid then it will tell the user it has been accepted and the valid tag will then be put in a different array which contains all of the tags that the user has inputted.
However i have tried to create the functionality that when the user inputs the tags within the system the array will be searched for any tags that contain a backslash / as this will identify all of the closing tags within the array.
So my question would be is how i would extract all records within my AllowedTags Array that contain a / Character and store those within a new array.
<html>
<head>
</head>
<body>
<form id="HTMLValidation" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<p> HTML Code: <input type="text" name="code">
<p><input type="submit" name="submit" value="Validate Your Code!"/></p>
</form>
<?php
//Depricated
//$TagArray = $UserInput.split("");
if(isset($_POST['code']))
{
$UserInput = htmlspecialchars($_POST['code']);
$InputtedTags = array();
//Array Containing all of the VALID HTML TAGS.
$AllowedTags = array("<html>","<head&gt","<body&gt","<div&gt","<p&gt","<b&gt","<base&gt","<link&gt","<meta&gt","<style&gt","<title&gt","<address&gt","<article&gt","<aside&gt","<footer&gt","<h1&gt","<h2&gt","<h3&gt","<h4&gt","<h5&gt","<h6&gt","<header&gt","<hgroup&gt","<nav&gt","<selection&gt","<dd&gt","<d1&gt","<dt&gt","<figcaption&gt","<figure&gt","<hr&gt","<li&gt","<main&gt","<ol&gt","<pre&gt","<ul&gt","<a&gt","<abbr&gt","<b&gt","<bdi&gt","<bdo&gt","<br&gt","<cite&gt","<code&gt","<data&gt","<dfn&gt","<em&gt","<i&gt","<kbd&gt","<mark&gt","<q&gt","<rp&gt","<rt&gt","<rtc&gt","<ruby&gt","<s&gt","<samp&gt","<small&gt","<span&gt","<strong&gt","<sub&gt","<sup&gt","<time&gt","<u&gt","<var&gt","<wbr&gt","<area&gt","<audio&gt","<img&gt","<map&gt","<track&gt","<video&gt","<embed&gt","<object&gt","<param&gt","<source&gt","<canvas&gt","<noscript&gt","<script&gt","<del&gt","<ins&gt","<caption&gt","<col&gt","<colgroup&gt","<table&gt","<tbody&gt","<td&gt","<tfoot&gt","<th&gt","<thead&gt","<tr&gt","<button&gt","<datalist&gt","<fieldset&gt","<form&gt","<input&gt","<label&gt","<legend&gt","<meter&gt","<optgroup&gt","<option&gt","<output&gt","<progress&gt","<select&gt","<textarea&gt","<details&gt","<dialog&gt","<menu&gt","<menuitem&gt","<summary&gt","<shadow&gt","<slot&gt","<template&gt","<acronym&gt","<applet&gt","<basefont&gt","<big&gt","<blink&gt","<center&gt","<command&gt","<content&gt","<dir&gt","<element&gt","<font&gt","<frame&gt","<frameset&gt","<isindex&gt","<keygen&gt","<listing&gt","<marquee&gt","<multicol&gt","<nextid&gt","<noembed&gt","<plaintext&gt","<shadow&gt","<spacer&gt","<strike&gt","<tt&gt","<xmp&gt","</html&gt","</head&gt","</body&gt","</div&gt","</p&gt","</b&gt","</base&gt","</link&gt","</meta&gt","</style&gt","</title&gt","</address&gt","</article&gt","</aside&gt","</footer&gt","</h1&gt","</h2&gt","</h3&gt","</h4&gt","</h5&gt","</h6&gt","</header&gt","</hgroup&gt","</nav&gt","</selection&gt","</dd&gt","</d1&gt","</dt&gt","</figcaption&gt","</figure&gt","</hr&gt","</li&gt","</main&gt","</ol&gt","</pre&gt","</ul&gt","</a&gt","</abbr&gt","</b&gt","</bdi&gt","</bdo&gt","</br&gt","</cite&gt","</code&gt","</data&gt","</dfn&gt","</em&gt","</i&gt","</kbd&gt","</mark&gt","</q&gt","</rp&gt","</rt&gt","</rtc&gt","</ruby&gt","</s&gt","</samp&gt","</small&gt","</span&gt","</strong&gt","</sub&gt","</sup&gt","</time&gt","</u&gt","</var&gt","</wbr&gt","</area&gt","</audio&gt","</img&gt","</map&gt","</track&gt","</video&gt","</embed&gt","</object&gt","</param&gt","</source&gt","</canvas&gt","</noscript&gt","</script&gt","</del&gt","</ins&gt","</caption&gt","</col&gt","</colgroup&gt","</table&gt","</tbody&gt","</td&gt","</tfoot&gt","</th&gt","</thead&gt","</tr&gt","</button&gt","</datalist&gt","</fieldset&gt","</form&gt","</input&gt","</label&gt","</legend&gt","</meter&gt","</optgroup&gt","</option&gt","</output&gt","</progress&gt","</select&gt","</textarea&gt","</details&gt","</dialog&gt","</menu&gt","</menuitem&gt","</summary&gt","</shadow&gt","</slot&gt","</template&gt","</acronym&gt","</applet&gt","</basefont&gt","</big&gt","</blink&gt","</center&gt","</command&gt","</content&gt","</dir&gt","</element&gt","</font&gt","</frame&gt","</frameset&gt","</isindex&gt","</keygen&gt","</listing&gt","</marquee&gt","</multicol&gt","</nextid&gt","</noembed&gt","</plaintext&gt","</shadow&gt","</spacer&gt","</strike&gt","</tt&gt","</xmp&gt");
//$Tags = implode(",",$AllowedTags);
//$OpenTags = implode(",",$AllowedTags);
//Search Allowed Tags Array For Values Containing a Backslash(/)
$CloseTags = implode(" ",$AllowedTags);
$needle = '/';
$ret = array_keys(array_filter($AllowedTags, function($var) use ($needle){
return strpos($var, $needle) !== false;}));
print_r($ret);
//Check What The User Has Inputted Into The System against the AllowedTags Array
//If it is true then display to the user the tag is valid
//Push The value that the user entered onto the InputtedTags Array
foreach($AllowedTags as $data)
{
if(strpos($UserInput,$data) !==false )
{
echo($UserInput. ": Valid Tags");
array_push($InputtedTags,$UserInput);
}
}
print_r($InputtedTags);
}
?>
</body>
</html>


"how i would extract all records within my AllowedTags Array that contain a / Character and store those within a new array"
$filtered_tags = array_filter($AllowedTags, function($val) {
return (bool)preg_match('/\//', $val);
});
print_r($filtered_tags);


If the user is providing the tags without angular brackets and only writing the tag name (say "head"), then maybe you can concatenate a backslash() in the beginning of the user input string while searching for the closing tag in the $AllowedTags.
I'm sorry if I misunderstood the question.

Related

Design pattern for implementing PHP search filter form

I am implementing a filter in a search function on a website written in PHP.
My goal is to keep this manageable, since the project will grow in size a lot in the upcoming time. Right now the search page has a with some input fields, and php checks if the form is submitted by checking if the name of the forms button is inside the $_POST array. Located on the right side of this search page, there is a list of the actual search results, the output of a foreach loop over a list of items printed to the screen. To make it more clear I've written some code to explain what it does, and also shows what I tried to come up with myself:
<?php
$arrayToDisplay = array(
array("id"=>0,"name"=>"first","lastname"=>"last"),
array("id"=>1,"name"=>"first","lastname"=>"last"),
);
$acceptedName = "";
if(isset($_POST['buttonName'])) {
if(isset($_POST['name'])) {
$acceptedName = sanitize($_POST['name']);
}
}
?>
<form>
<input type="text" name="name">
<input type="submit" name="buttonName">
</form>
<?php
foreach($arrayToDisplay as $person) {
if(exists($acceptedName) && $acceptedName != "") {
if($person["name" == $acceptedname) {
echo $person["id"]." ".$person["name"];
}
}
else {
echo $person["id"]." ".$person["name"];
}
}
?>
This can work on one value, filter by name. But eventually these person objects will have almost 50 properties, and the search filter has to not only be able to filter the list by name, but all kinds of person properties. This solution is unmaintainable.
Is there an existing design pattern, that one might use in such a situation?

There are many approaches to this problem and some people argue that you can/should type out each form element and its corresponding handler because it'll be easier to maintain if you want to use text boxes, select lists, radio buttons etc. That said, you mentioned simply using text boxes so here's a way to use a single array to drive the entire application.
You didn't mention if you were planning on using SQL to drive your search, so I made the assumption you will be using it.
You can use a single array to drive both your HTML form and the query that will be generated by the incoming values.
<?php
// This array will drive your form and your query.
$columns = [
'firstname',
'lastname',
'email',
'address_1',
'address_2',
'city'
];
// The form was submitted.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Match posted data to the `$columns` array and filter out any empty values.
$postedData = array_filter(array_intersect_key($_POST, array_flip($columns)));
// We have at least 1 search criteria to use.
if (!empty($postedData)) {
// Generate a list of columns for a WHERE clause. Ex. [`address_1 LIKE ?`, `name LIKE ?`]
$terms = array_map(function ($val) {
return "$val LIKE ? ";
}, array_keys($postedData));
// Generate a list of values wrapped in percent signs. Ex. [`123 King St.`, `%tony%`]
$values = array_map(function ($val) {
return "%$val%";
}, $postedData);
// Change this to `AND ` if needed.
$query = 'SELECT * FROM table WHERE ' . implode('OR ', $terms);
// Just showing you what the generated query and data looks like.
var_dump([
$query,
array_values($values)
]);
// Finally, use them to drive your query.
// $sql = $connection->prepare($query);
// $sql->execute(array_values($values));
}
}
?>
<form method="post">
<?php foreach ($columns as $column): ?>
<label>
<input type="text" name="<?php echo $column; ?>" placeholder="<?php echo $column; ?>">
</label>
<br>
<?php endforeach; ?>
<input type="submit" value="Search">
</form>
Sample Output
array (size=2)
0 => string 'SELECT * FROM table WHERE firstname LIKE ? OR email LIKE ? ' (length=59)
1 =>
array (size=2)
0 => string '%Tony%' (length=6)
1 => string '%tony#email.com%' (length=16)

no values in my string from an imploded post array? PHP

Started learning PHP today so forgive me for being a noob. I have a simple HTML form where the user inputs 4 strings and then submits.
HTML form
<html>
<head>
<title>EMS</title>
</head>
<body>
<h1>EMS - Add New Employees</h1>
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">
<table>
<tr><td>Enter a NAME:</td><td> <input type="text" name="name"></td></tr>
<tr><td>Enter a PPSN:</td><td> <input type="text" name="ppsn"></td></tr>
<tr><td>Enter a PIN :</td><td> <input type="text" name="pin"></td></tr>
<tr><td>Enter a DOB:</td><td> <input type="text" name="dob"></td></tr>
<tr><td></td><td><input type="submit" value="Add New Employee" name="data_submitted"></td></tr>
</table>
</form>
</html>
I want to implode the 4 elements in the $_POST["data submitted"] array to a string.
PHP
<?php
if (isset($_POST['data_submitted'])){
$employee = implode(",",$_POST['data_submitted']);
echo "employee = ".$employee;
}
?>
Why is it that when I run the project, Input the 4 strings into the form and submit that there is nothing contained within the employee string when its outputed? There is however a value in the employee string when I just implode the $_POST array like so without 'data_submitted'.
$employee = implode(",",$_POST);
The output of the $employee string is now - employee = will,03044,0303,27/5/6,Add New Employee
It contains the name,pps,pin,dob and this ADD New Employee value?
How do I just get the $employee string to contain just the name,pps,pin and dob from the $POST_[data_submitted] array?

If you wish to implode the submitted data, then you need to refer to the specific items, as follows:
<?php
$clean = [];
if (isset($_POST['data_submitted'])){
// one way to deal with possibly tainted data
$clean['name'] = htmlentities($_POST['name']);
$clean['ppsn'] = htmlentities($_POST['ppsn']);
$clean['pin'] = htmlentities($_POST['pin']);
$clean['dob'] = htmlentites($_POST['dob']);
$employee = implode(",",$clean);
echo "employee = $employee";
}
Never use submitted data without first checking to make sure that it is safe to do so. You need to validate it. Since the OP doesn't specify what kind of data the named inputs "ppsn", "pin", "dob" pertain to, this example does a minimum of validation. Each input might require more or something different.
Whether you're new or familiar with PHP, it is a good idea to frequently read the online Manual.

First, you need to know that php will treat value in the format: value="value here" as string.
So, calling implode(",",$_POST['data_submitted']); will return Add New Employee as declared here: <input type="submit" value="Add New Employee" name="data_submitted">.
From your question:
How do I just get the $employee string to contain just the name, pps, pin and dob from the $_POST[data_submitted] array?
Solution
1. Unset the <code>$_POST['data_submitted']</code> index in the $_POST super global variable
2. Implode it
// Unset the $_POST['data_submitted'] index
$post_data = unset( $_POST['data_submitted'] );
// Format the post data now
$format_post_data = implode( ",", $post_data );
// Escape and display the formatted data
echo htmlentities( $format_post_data, ENT_QUOTES );

Echoing part of a PHP string back within conditional value of HTML form field

I am building an HTML form - a simplified, two field version of which is below. The user is meant to enter something like the below string into the first field of the form:
https://www.facebook.com/dialog/feed?app_id=12345&link=http%3A%2F
%2Fbit.ly%2F12345&picture=https://website.com/horse-picture.jpg&name=Headline&
description=Description&redirect_uri=http%3A%2F%2Fwww.facebook.com%2F&
caption=Something
I am trying to split this string so that only the following part of the string is echoed into the second field of the form:
horse-picture.jpg
If the first field is empty, the second field is echoing back its own value. I've marked where the trouble is below. I've seen several threads on using explode, but the part of the string I'm looking to echo back isn't flanked with the same consistent characters, and the length of this string will vary, so preg_match also seems to be not a good option. Having this nested within a conditional is also throwing me off. Would very much appreciate help. Thanks!
<h2>THIS IS AN HTML FORM</h2>
<form action="sharefile.php" method="post">
<label for="decode">FB decode:<br /></label>
<input type="text" id="decoder" name="decoder" size="70" value="" /><br /><br />
<label for="img">Image (e.g. horse-picture.jpg):<br /></label>
<input type="text" id="img" name="img" size="70" value="
<?php if (strlen($_POST['decoder']) > 0)
//THIS IS WHERE THE TROUBLE STARTS
{SOMETHING GOES HERE}
//THIS IS WHERE THE TROUBLE ENDS
else {echo $_POST['img'];}
?>"
<input type="submit" value="Submit!" name="submit" />
</form>

Something like this might work. I believe you want to parse the picture URL, yes?
<?php
function scrub($string) {
// Parse the picture variable.
$matches = array();
$result = preg_match("/picture=([^\&]+)/", $string, $matches);
$url = $matches[1];
// Scrub the picture URL.
$result = preg_replace('/https?:\/\/[^\/]+\//', '', $url);
print_r($matches);
print_r($result);
}
scrub("https://www.facebook.com/dialog/feed?app_id=12345&link=http%3A%2F%2Fbit.ly%2F12345&picture=https://website.com/horse-picture.jpg&name=Headline&description=Description&redirect_uri=http%3A%2F%2Fwww.facebook.com%2F&caption=Something");
/*
Result:
Array
(
[0] => picture=https://website.com/horse-picture.jpg
[1] => https://website.com/horse-picture.jpg
)
horse-picture.jpg
*/

It looks like you're trying to parse URLs. PHP has functions for that, of course, albeit slightly weird functions, but it's PHP, so we expect that:
$url = '.. your massive URL inception ..';
$_url = parse_url($url);
print_r($_url);
parse_str($_url['query'], $query);
print_r($query);
$_url = parse_url($query['picture']);
print_r($_url);
$picture = basename($_url['path']);
var_dump($picture);
Example: http://3v4l.org/GKKmq#v430

Another method. Since this is a URL, first split on the question mark ? and take the second element, the query string. Now split on the ampersands & and loop through them looking for the key/value pair starting with "picture=". Once that is found grab the portion of the element after that many characters (8 characters in "picture="), then split the string on the forward slash / and grab the last element in that resulting array.
If $_POST['decoder'] equals:
https://www.facebook.com/dialog/feedapp_id=12345&link=http%3A%2F%2Fbit.ly%2F12345&picture=https://website.com/horse-picture.jpg&name=Headline&description=Description&redirect_uri=http%3A%2F%2Fwww.facebook.com%2F&caption=Something
Then:
list($d, $q) = explode('?', $_POST['decoder']);
$pairs = explode('&', $q);
foreach ( $pairs as $value ) {
if ( !(strpos($value, 'picture=') === FALSE) ) {
$picture = explode('/', substr($value, 8));
$picture = $picture[count($picture) - 1];
break;
}
}
echo $picture;
Outputs:
horse-picture.jpg

You should do something like this:
<?php echo '<input type="text" id="img" name="img" size="70" value="'.$whatyouwant.'"'; ?>
Hope it helps!

PHP Get values from unknown numbers of text input

I have a div in my page called .highlights.
In this div I have a unknown numbers of text input(<input type="text" />). It can range from 0 to unknown.
When someone clicks at submit, I want to store in PHP all the values of the inputs, into one variable called myHighlights. The values must be seperated by ;

<input type="text" name="unlimited[]" />
if( isset($_POST['submit_button']) ) {
// Skip blank values
$unlimited = array_filter( $_POST['unlimited'] );
$myHighlights = implode(';', $unlimited);
}

To begin with, you'll have to assign names to the controls so they get sent together with the rest of of the form. Please have a look at the How do I create arrays in a HTML <form>? entry of the PHP FAQ for a nifty trick.

if($_POST)
{
$myHighlights = implode(';',$_POST);
print_r($myHighlights);
}

How to extract value from hidden field on form

I have form (on my own blog/cms install which i want to play with a bit) with hidden value which i want to extract. Problem is that there are 2 forms on that page, each with that hidden field with value. On each form field name is the same, only hidden value differs. Something like this:
<input type="hidden" id="_hiddenname" name="_hiddenname" value="valuehere"/>
Both look the same in html source. So, to help myself i opened php file with this page, edited it and added some random words before field that i need. So now one field (the one that i don't want) is like in above code but field i need is like this:
mywordshere <input type="hidden" id="_hiddenname" name="_hiddenname" value="valuehere"/>
How do i extract value from field i need (with mywordshere before its code) if i have my page's html source in php variable (grabbed with libcurl)?

An example using DOMDocument
<?php
$html = <<<HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<body>
<input type="hidden" id="_hiddenname" name="_hiddenname" value="valuehere">
</body>
</html>
HTML;
$doc = new DOMDocument();
$doc->validateOnParse = true;
$doc->loadHTML( $html );
$node = $doc->getElementById( '_hiddenname' );
echo $node->getAttribute( 'value' );
?>
Note: your HTML string must have a DOCTYPE defined for this to work.

Assumably the two forms have different names, correct? So if you parse your scraped text with something DOM aware, you should be able to choose your input field by searching for it in its parent form.

The fact that you have two input fields named the same, and with the same id, is the real problem. The id attribute for HTML elements is supposed to be unique on a given page, and if it was, you could do this easily with a DOM parser. Example:
$dom = new domDocument;
$dom->loadHTML($html);
$dom->preserveWhiteSpace = false;
$inputs = $dom->getElementsByTagName('input');
foreach ($inputs as $i)
{
if ($i->getAttribute('id') == 'targetId') {
//do some stuff
}
}
Since you can't take that approach, and you've marked your input with a string that you can identify, I would use a combination of string functions:
$str = 'mywordshere <input type="hidden" id="_hiddenname" name="_hiddenname" value="valuehere"/>';
$pos = strpos($str,'mywordshere');
if ($pos !== false) {
$valuePos = strpos($str,'value=',$pos);
if ($valuePos !== false) {
//get text starting from the 'value=' portion of the string
$str = substr($str,$valuePos);
$arr = explode('"',$str);
//value will be in $arr[1]
echo $arr[1];
}
}
I would strongly recommend you re-work your element IDs however, and use the DOM approach.

The value will be available in either $_GET["_hiddenname"] or $_POST["_hiddenname"], depending on which method you are using. Which one you get will depend on which form is doing the submitting.
If you have two fields which are named the same within the same form, you have a bigger problem.

Categories