I am trying to strip certain characters and keywords from a php form and not having much luck.
What I want is to a modular filter list to remove urls and certain keywords. At the moment I just want to remove http links while keeping allowed domains. In this case example.com
<?php //Check whether the form has been submitted
if (array_key_exists('check_submit', $_POST)) {
//Converts the new line characters (\n) in the text area into HTML line breaks (the <br /> tag)
$_POST['Comments'] = nl2br($_POST['Comments']); //Check whether a
$_GET['Languages'] is set
}
//Let's now print out the received values in the browser
echo "<br />{$_POST['Comments']}<br /><br />";
}
else
{
echo "You can't see this page without submitting the form.";
}
?>
I always use:
$data = "<b> some text ///, test</b>"
htmlentities(strip_tags(mysql_real_escape_string($data)));
Hope that helps!
Related
I currently have this code below which validates username length only. If none entered it will show error message, if less than 3 characters entered show error message. I want to add an if/else statement that if the user enters special characters like !##$%^&*()+=/? etc... the only special character is allowed is underscore (_) and hypen (-)... Help me how.
thanks
here's the code i have:
<?php
$serror="";
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$lengt = strlen($username);
if($lengt == 0){
$serror=" Please enter account username ";
}
else{
if($lengt < 3 ){
$serror=" Please enter valid account username ";
}
}
if($serror==""){
ob_start();
echo "Success";
header("Location:progress.php?username=$username");
exit;
ob_end_flush();
}
else{}
}
?>
use preg_match() function
$yourString = "blahblah";
if (preg_match('/^[A-Za-z0-9_-]*$/', $yourString)) {
#your string is good
}
remeber preg_match() returns boolean
Your php script works after the user submits the form. From your tags in the question I assume you can use javascript. With Javascript you catch these errors before the form is submitted.
So, your html input field would fire a script and you can use the onkeypress event to see the value of the keystroke.
The submit button would also have a javascript event to look for min string length, else give warning and not submit form.
As others already pointed out, you should use regular expressions for this.
Try with the following if-statement (allows a-z, numbers, underscores and hyphens). It also checks that the length is at least 3 characters:
if (!preg_match("/^([\w\-]{3,})$/", $username)) {
$error = "Not enough chars or there are invalid ones".
}
Read more about preg_match() here
I am just trying to check if a form variable is empty. The code sets the variables $getsubject and $getsubject to the $_POST of the form, then I am checking if they are, empty and if they are I want to set them to "No Message" or "No Subject". I tried with isset as well and it didn't work. I even tried setting an else statement that does the same thing and it doesn't change it.
$getsubject = $_POST['subject'];
$getmessage = $_POST['message'];
if(empty($getsubject)) {
$getsubject = "<No Subject>";
}
if(empty($getmessage)){
$getmessage = "<No Message>";
}
I found the problem .. the code is working - however the since there were brackets "<" and ">" ... when I retrieved the data from the SQL table, it was not appearing. Not sure why, but when I removed the brackets it worked.
If you are not sure id the data from the form exist you must use !isset to check it before you declare the variables, so:
if(!isset($getsubject)) {
$getsubject = "<No Subject>";
}
else{
$getsubject = $_POST['subject'];
}
if(!isset($getmessage)){
$getmessage = "<No Message>";
}
else{
$getmessage = $_POST['message'];
}
The data from $_POST['subject'];, for example, might not exist, and if you declare it php will give you an error
I suggest that you use a full if conditional to display the results you are looking for combined with html.
IF subject has content
then echo Great subject
ELSE
then echo No Subject
END IF
IF message has content
then echo Thank You for the message
ELSE
then echo No Messgae was entered
END IF
^this is the basic logic not the code
Also look into the trim php code which will trim blank space off of the submission. This helps eliminate blank responses or spaces counting as characters (will not remove space between characters)
I am writing a php script which aim is to check whether any of the URLs submitted by the user in the text area are present in an array of other URLs. Unfortunately the script does not work as expected and I can't figure out how to correct it. I have the following code:
<?php
$gwt_links = $_POST['gwt_links'];
$gwt_links_exploded = preg_split('/\r\n|\n|\r/', $gwt_links);
$blacklisted = file('blacklist.txt');
foreach ($gwt_links_exploded as $gwt_link) {
if (in_array($gwt_link, $blacklisted)) {
echo 'link found';
}
else {
echo 'link not found';
}
}
?>
If I submit URLs in a text area, the script returns 'link not found' even if the URLs are present in blacklist.txt file. I suppose the problem lies in reading the file into an array - I think some special characters must be added. I tried removing them by trim, however without success... How should I correct the script to make it work?
I'm using php to generate an html page that displays blog/thread items, and I am using javascript to show/hide some of the details. The problem is that I am generating unique IDs for each set of hidden content, which contains a form to process the input. In processing the form, I need to know which blog item was edited - I want to use $_POST. I'm pretty new to javascript, and I'm thinking that there is probably a solution I can use there.
I want the post to save the text to the mysql database (so call one of my php functions that I have working) and tell me what the text was and what the threadId is.
Here is the php code snipet, where $threadDetailItem is an array that has my thread data in it.
foreach ($threadData as $threadDetailItem)
{
// display main line (a bunch of code here ...)
// append button to edit or delete the post for admin
if ( isset ($_SESSION['isAdmin']) && $_SESSION['isAdmin'] == 'Y'){
// edit link opens content, and delete pops up a confirmation box
$el = sprintf ("editThreadLink_%d", $threadDetailItem['blogThreadId']);
$ec = sprintf ("editThreadContent_%d", $threadDetailItem['blogThreadId']);
$link1 = sprintf ("<a id=\"%s\" href=\"javascript:toggle('%s', '%s');\">+</a>", $el, $ec, $el);
$msg .= sprintf ("<li id=\"field6\">%s</li>\n", $link1);
}
$msg .= "</ul>\n";
echo $msg;
// now that the row is printed, lets add the hidden content if admin so they can edit
if ( isset ($_SESSION['isAdmin']) && $_SESSION['isAdmin'] == 'Y'){
// hidden content to enable editing of the posting
$msg = sprintf ("<div id=\"%s\" style=\"display: none\">\n", $ec);
echo $msg;
echo "<form name=\"form\" method=\"post\" action=\"\">\n";
$msg = sprintf ("<textarea id=\"%s\" name=\"%s\">%s</textarea>\n",
$ec, $ec, $threadDetailItem['threadTitle']);
echo $msg;
$msg = sprintf ("<button type=\"submit\"> %s</button>\n", $lang->get('BLOG POST'));
echo $msg;
echo "</form>\n";
echo "</div>";
}
}
Suggestions on good ways to handle this event are much appreciated. Thanks in advance.
The fields in the data are: blogThreadId, threadTitle, username, createdOn, lastUpdated, displayed (not used) and threadDetails (array containing the posting information).
I was able to use $_POST along w/ the ID in a hidden field to enable my php scripts to know which thread was being edited. It is working
I want to hide <br /> in textarea when typing, but still want to save <br /> when the enter is pressed for posting and then echoing it with broken lines, how can I do this?
Or is any other way to do this-> When user types text into textarea and presses enter, then goes to new line and when submitting I still can echo with broken lines.
I'm detecting when the enter is pressed and putting <br /> into with this code :
`
<td><textarea id="opisId" onKeyPress="onTestChange()"; name="opis" cols="45" rows="15"></textarea></td><script>function onTestChange() {
var key = window.event.keyCode;
if (key == 13) {
document.getElementById("opisId").value = document.getElementById("opisId").value + "<br />";
return false;
}
else {
return true;
}
} `
Thanks for help!
You can use the php function nl2br() or wrap the input with <pre></pre>
Why would you add <br/> upon user input? Just parse the textbox data on submission (or after getting the POST information if applicable) and change the newline characters accordingly.
<br> is not going to magically appear in an textarea unless you type it. \n < new lines can be replaced with the html <br> in php with the nl2br() function.