In facebook comment section when i type alt+0173 and press enter it submit my comment as empty comment and i want to avoid this in my website I use the following code.
if ($react == ''){
#do nothing
} else {
#insert data
}
but it didn't work and insert the data with letter "A" with two dots on the top see the below image. when i copy and past it shows as "Â".
I also try the following code but it also didn't work.
if ($react == '' || $react == 'Â'){
#do noting
} else {
#insert data
}
I didn't verify but i think this is your solution:
alt+0173 is ascii char 173 and called Soft hyphen.
This is sometimes used to go past security scripts as you see no space but there is a char. So you can use a blocked word like bloc+173 char+ked is shown on screen as blocked but sometimes is is not picked up by the security script.
The following line prevents use of this character by removing it(it has no good use anyways).
Put it before your if/else lines.
$string = str_replace(chr(173), "", $string);
in your case:
$react = str_replace(chr(173), "", $react);
So in your case if the string only contains the alt+0173 char the string should now be empty.
Update:
But...
In your case there is something strange happening, you say your input is alt+0173 but you get an Ä which is chr(142).
Even stranger, when i asked to revert the character string to an ascii char with ord($react); you got chr(97) which is a lowercase 'a'.
As you stated you use ajax, but my knowledge of ajax is minimal so i can't help you there but maybe someone can so i hope i clarified the case a bit.
But my best guess is that something changes the value of $react when in comes from the form to the php script and you should look there.
This method helped me to solve the answer.
source: Remove alt-codes from string
$unwanted_array = array( 'Ä'=>'A' );
$react = strtr( $react, $unwanted_array );
$newreact = preg_replace("/[^A-Za-z]+/i", " ", $react);
if ($newreact == "" || $newreact == " "){
#do nothing
} else {
#insert data
}
Related
I'm using the following code to return true or false if a string contains a substring in PHP 8.0.
<?php
$username = "mothertrucker"; // This username should NOT be allowed
$banlistFile = file_get_contents("banlist.txt"); //Contains the word "trucker" in it
$banlist = explode("\n", $banlistFile); // Splits $banlistFile into an array, split by line
if (contains($username, $banlist)) {
echo "Username is not allowed!";
} else {
echo "Username is allowed";
}
function contains($str, array $arr)
{
foreach($arr as $a) { // For each word in the banlist
if (stripos($str, $a) !== false) { // If I change $a to 'trucker', it works. "trucker" does not
return true;
}
}
return false;
}
?>
This is to detect if an inappropriate word is used when creating a username. So for example, if someone enters the username "mothertrucker", and "trucker" is included in the ban list, I want it to deny it.
Right now with this code, If I just type in the word "trucker" as a username, it is found and blocks it. Cool. However if there's more to the string than just "trucker", it doesn't detect it. So the username "mothertrucker" is allowed.
I discovered that if I explicitly type in 'trucker' instead of $a in the stripos function, it works perfectly. However, if I explicitly type in "trucker" (with double quotes), it stop working, and only blocks if that's the only thing the user entered.
So what I'm seeing, is it looks like the string $a that I'm passing it is being interpreted by PHP as a double quoted string, when in order for this to detect it properly, it needs to be a single quoted string. But as far as I can tell, I have no control over how php passes passing the variable.
Can I somehow convert it to a single quoted string? Perhaps the explode command I'm using in line 2 is causing it? Is there another way I can pull the data from a txt document and have it be interpreted as a single quote string? Hopefully I'm made sense with my explanation, but you can copy and paste the code and see it for yourself
Thanks for any help!
One potential problem would be any whitespace (which includes things like \r) could stop the word matching, so just trimming the word to compare with can tidy that up...
stripos($str, $a)
to
stripos($str, trim($a))
I do not know what your file actually contains so i dont know what the result of explode is.
Anyways my suggestion is (depending on the speed you want to perform this and also the length of the banlist file also your level of banning) to not explode the file and just look into it as a whole.
<?php
$username = "allow"; // This username should be allowed
$banlist = "trucker\nmotherfucker\n donot\ngoodword";
var_dump(contains($username, $banlist));
function contains($str, $arr)
{
if (stripos($arr, $str) !== false) return true;
else return false;
}
?>
Otherwise if you are going to allow say good which is an allowed word but since it is in the file with goodword it will not (using my example), you should not use stripos but instead use your example and use strcasecmp
The $search is a string of variables made from text inputs in a form. I am looking to see if that string is found in a txt file. I think something is wrong with my regex but I am not sure.
An existing entry to the text file would look like this Title%Author%ISBN%Publisher%Year.
My issue is that when I submit the form it goes to a blank page.
elseif ($inquiry=='search') {
$file= fopen("database.txt", "r") or die("File was not found on server");
$search = "/^[$Title."%".$Author."%".$ISBN."%".$Publisher."%".$Year]/i";
//search function
// What to look for
// open and Read from file
$lines = file('database.txt');//array
foreach($lines as $line) {
// Check if the line contains the string we're looking for, and print if it does
if(preg_match($search, $line)) {
echo $line;
} else {
echo "Search not found";
}
}
}
fclose($file);
}
You have to be aware of two things first.
The special $ char in PHP is used to denominate a variable.
When you inject a word with a preceding $ in a double quoted string, this is treated as a variable name and the variable tries to expand itself.
I'm mentioning this because of this line:
$search = "/^[$Title."%".$Author."%".$ISBN."%".$Publisher."%".$Year]/i";
So, my best guess there is that you are trying to use and expand the variable names. So, if that's the case you are ok on your intention.
But be aware you have a missmatched and no closed " after the Title.
Also remember the $ has a special meaning in regular expressions, and they are usually used to try to match the "end of the line".
Note: Your script is probably dying due to a missing " after the Title.
Working in WordPress (PHP). I want to set strings to the database like below. The string is translatable, so it could be in any language keeping the template codes. For the possible variations, I presented 4 strings here:
<?php
$string = '%%AUTHOR%% changed status to %%STATUS_new%%';
$string = '%%AUTHOR%% changed status to %%STATUS_oldie%%';
$string = '%%AUTHOR%% changed priority to %%PRIORITY_high%%';
$string = '%%AUTHOR%% changed priority to %%PRIORITY_low%%';
To make the string human-readable, for the %%AUTHOR%% part I can change the string like below:
<?php
$username = 'Illigil Liosous'; // could be any unicode string
$content = str_replace('%%AUTHOR%%', $username, $string);
But for status and priority, I have different substrings of different lengths.
Question is:
How can I make those dynamic substring be replaced on-the-fly so that they could be human-readable like:
Illigil Liosous changed status to Newendotobulous;
Illigil Liosous changed status to Oldisticabulous;
Illigil Liosous changed priority to Highlistacolisticosso;
Illigil Liosous changed priority to Lowisdulousiannosso;
Those unsoundable words are to let you understand the nature of a translatable string, that could be anything other than known words.
I think I can proceed with something like below:
<?php
if( strpos($_content, '%%STATUS_') !== false ) {
// proceed to push the translatable status string
}
if( strpos($_content, '%%PRIORITY_') !== false ) {
// proceed to push the translatable priority string
}
But how can I fill inside those conditionals efficiently?
Edit
I might not fully am clear with my question, hence updating the query. The issue is not related to array str_replace.
The issue is, the $string that I need to detect is not predefined. It would come like below:
if($status_changed) :
$string = "%%AUTHOR%% changed status to %%STATUS_{$status}%%";
else if($priority_changed) :
$string = "%%AUTHOR%% changed priority to %%PRIORITY_{$priority}%%";
endif;
Where they will be filled dynamically with values in the $status and $priority.
So when it comes to str_replace() I will actually use functions to get their appropriate labels:
<?php
function human_readable($codified_string, $user_id) {
if( strpos($_content, '%%STATUS_') !== false ) {
// need a way to get the $status extracted from the $codified_string
// $_got_status = ???? // I don't know how.
get_status_label($_got_status);
// the status label replacement would take place here, I don't know how.
}
if( strpos($_content, '%%PRIORITY_') !== false ) {
// need a way to get the $priority extracted from the $codified_string
// $_got_priority = ???? // I don't know how.
get_priority_label($_got_priority);
// the priority label replacement would take place here, I don't know how.
}
// Author name replacement takes place now
$username = get_the_username($user_id);
$human_readable_string = str_replace('%%AUTHOR%%', $username, $codified_string);
return $human_readable_string;
}
The function has some missing points where I currently am stuck. :(
Can you guide me a way out?
It sounds like you need to use RegEx for this solution.
You can use the following code snippet to get the effect you want to achieve:
preg_match('/%%PRIORITY_(.*?)%%/', $_content, $matches);
if (count($matches) > 0) {
$human_readable_string = str_replace("%%PRIORITY_{$matches[0]}%%", $replace, $codified_string);
}
Of course, the above code needs to be changed for STATUS and any other replacements that you require.
Explaining the RegEx code in short it:
/
The starting of any regular expression.
%%PRIORITY_
Is a literal match of those characters.
(
The opening of the match. This is going to be stored in the third parameter of the preg_match.
.
This matches any character that isn't a new line.
*?
This matches between 0 and infinite of the preceding character - in this case anything. The ? is a lazy match since the %% character will be matched by the ..
Check out the RegEx in action: https://regex101.com/r/qztLue/1
I have an input box that with php will echo out names typed in. The problem is that when the user presses space it will echo out the blank character. I have searched and didnt find an absolute answer. I know that using !empty if there is absoutely anthing in the input field but if there is a space is null supposed to work.
How to avoid getting echo if there is blank space in input?
if (!empty($name['name']) || null ) {
echo 'Your name is '.$name;
}
{
//do nothing
}
Calls to the function empty() will be true if it is unset, null, empty string, boolean false, or 0. Still I like avoiding heavy logic in conditionals... pull out the trimming and prepping the string before testing.
$nameString = empty($name['name'])?null:trim($name['name']);
if(!empty($nameString){
//go to town here
}
To appease the fanatics in advance, I have to also add that you should escape any user input before printing it. That way you protect against XSS. To be safer add try this:
$nameString = empty($name['name'])?null:trim($name['name']);
$nameString = htmlentities($nameString, ENT_QUOTES);
if(!empty($nameString){
//go to town here
}
However, a side note... the htmlentities() call does not protect against SQL injection, so if this data is going into a db you'll have to do more work--since your question doesn't indicate you're doing anything else than printing out to screen, we can hold off the SQL injection discussion for another day.
You want to check if there is a space, you may want to do this:
if ($name['name'] != null && trim($name['name']) != "" && !strpos(trim($name['name']), " "))
{
// work with $name['name']
}
else
{
// nothing
}
Be careful using empty(), it will return TRUE if the user enters '0'.
You might want to use strlen()
I am having one hell of a time coming up with a decent way make this if statement search a file for these codes. I set up the text file to read from as such:
myfile.txt
r)
0Y7
1a6
q.
#g
#(
#a
!P
T[
V}
0,
Here is a brief of what I got going.
$subject = file_get_contents(fvManager_Path . 'myfile.txt');
if ( preg_match('/^[a-zA-Z0-9,]+$/',$result['fmbushels_itemCode'], $subject) ) {
Basically I am trying to search the text file line by line to see if the whole string exists. They are case sensitive as well.
$result['fmbushels_itemCode'] is from a sql query and always returns a code like the above in the text.
I'd appreciate any help on this. If someone knows a better way of doing this or a different command, I'd be willing to give that a shot as well :)
edit:
private function _fvShareBushels() {
$subject = file_get_contents(fvManager_Path . 'myfile.txt');
if (count($vShareArray) > 0) {
$vCntMoves = count($vShareArray);
for ($vI = 0;$vI < $vRunMainLoop;$vI++) {
sell $result['fmbushels_itemCode']);
}
}
}
This is a snippet of a big code. I had to rip most out because of post limitation. The area I could be working with is:
if (count($vShareArray) > 0) {
If I could make this something like:
if (count($vShareArray) > 0 && $result['fmbushels_itemCode'] **is not in** $subject) {
If you want to do line by line, use the file() function.
$f = file(fvManager_Path . 'myfile.txt');
foreach($f AS $line){
// $line is current line at file
}
I'm not to sure if you understand completely how preg_match works. The first parameter is the regular expression pattern, the second is what you want to match the pattern to, and the third is an array of matches. So for every valid pattern matched in the second parameter a new index on the array is created.
I'm not 100% on what you're trying to accomplish. Are you trying to see if the $result['fmbushels_itemCode'] exists in the file?
If the above is the correct case you simply just need to do something like:
$f = file('myfile.txt');
array_map('trim', $f);
if(in_array($result['fmbushels_itemCode'], $f)){
// success
}