
Thread: Form Processor - ereg

  1. #1
    rlhanson's Avatar
    rlhanson is offline Master Glow Jedi
    Join Date
    Aug 2007
    Location
    Chapman, Kansas
    Posts
    531

    Default Form Processor - ereg

    Is there a shortcut way of letting your form processor know that if ANY fields besides the email contain html or script tags that it should die?

    Here's the code I have (from John-Marc) to keep it out of the comments text area:

    PHP Code:
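    // Send the visitor to the error page when the comments field matches the pattern.
    // Note: ereg() was removed in PHP 7.0.
    if (ereg('[http\\:\\/\\/]*[www\\.]*[A-Za-z0-9_-]+\\.[A-Za-z0-9]+', $_POST['comments']))
    {
        header("Location: error.php");
        exit;
    }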

    Thank you,
    Lynne Hanson
    RL Hanson-Online

  2. #2
    jmarcv's Avatar
    jmarcv is offline Cranky Coder
    Join Date
    Jan 2005
    Posts
    354

    Default

    Good morning dangerous!

    Actually, that code is to look for URLs in comments.
    To check all, you need to loop through the POST array like so:
    PHP Code:
     
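    // Loop over every submitted field and stop on the first one that matches the pattern.
    // Note: each() was removed in PHP 8.0.
    while (list($varname, $value) = each($_POST)) {
        if (ereg('[http\\:\\/\\/]*[www\\.]*[A-Za-z0-9_-]+\\.[A-Za-z0-9]+', $value)) {
            header("Location: error.php");
            exit;
        }
    }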

    To check for ANY html, the easiest is to strip it out and compare sizes before and after.
    PHP Code:
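    // Compare each field with its tag-stripped copy; a length change means markup was present.
    while (list($varname, $value) = each($_POST)) {
        $aftervalue = strip_tags($value);
        if (strlen($aftervalue) != strlen($value)) {
            // Logged rather than echoed: output sent before header() blocks the redirect.
            error_log("$varname has code in it");
            header("Location: error.php");
            exit;
        }
    }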


    PHP: strip_tags - Manual

    Hope that helps.

  3. #3
    rlhanson

    Good morning to you also

    That is exactly what I was looking for as far as an example - I didn't know what to search for on the php.net site.

    I'm going to try it out! I have a (what used to be a 6-page document) form for a client and I wanted to get a little lazy instead of having to put an ereg statement for every value.

    Thanks so much for the response. I hope I can get this figured out. lol
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  4. #4
    jmarcv

    I am sure you can get it figured out!

  5. #5
    rlhanson

    John-Marc,
    How do I implement the code and still allow for an email address to be entered?

    I need some sort of else statement right?
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  6. #6
    jmarcv

    You should try it. Since an email addy is not html code, it passes through fine.

  7. #7
    rlhanson

    Thanks for your response. I actually had tried both examples and wasn't getting the results I anticipated so thought I would ask about the email address before going any farther.

    When I place this:

    PHP Code:
    while (list($varname, $value) = each($_POST)) {
        if (ereg('[http\\:\\/\\/]*[www\\.]*[A-Za-z0-9_-]+\\.[A-Za-z0-9]+', $value)) {
            header("Location: error.php");
            exit;
        }
    }

    I get the error page regardless of what I type in (html or no html).

    With the other example, it processes regardless of what I type in (html or no html).

    I used a form wizard to shortcut which has some add slashes and 'what not' - I'm going to try using my other form processor and see if I can't narrow things down a bit.

    Thanks as always!!
    Thank you,
    Lynne Hanson
    RL Hanson-Online
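
Added example, not part of the thread and not either poster's code: a per-field check that covers the email question from post #5 and shows how the URL pattern quoted in post #7 behaves on ordinary input such as an email address or a decimal number. The thread's pattern is ported to `preg_match()` for comparison; `URL_PATTERN`, `find_rejected_fields()`, the field names and the sample submission are assumptions made up for illustration.

```php
<?php
// Added example; field names and the sample submission are constructed.

// The thread's pattern, ported to preg_match(). [http\:\/\/]* and [www\.]* are
// optional character classes, so the pattern reduces to "word.word".
const THREAD_PATTERN = '~[http\:\/\/]*[www\.]*[A-Za-z0-9_-]+\.[A-Za-z0-9]+~';

// Assumed stricter rule: a literal scheme or a literal "www." prefix.
const URL_PATTERN = '~(?:https?://|\bwww\.)[^\s<>"\']+~i';

/** Return [field name => reason] for every field that should be rejected. */
function find_rejected_fields(array $post, string $emailField = 'email'): array
{
    $rejected = [];
    foreach ($post as $name => $value) {
        if (!is_string($value)) {        // e.g. name[]=... arrives as an array
            $rejected[$name] = 'not a plain string';
            continue;
        }
        if ($name === $emailField) {     // the email field gets its own validator
            if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                $rejected[$name] = 'invalid email';
            }
            continue;
        }
        if (strip_tags($value) !== $value) {
            $rejected[$name] = 'markup';
        } elseif (preg_match(URL_PATTERN, $value) === 1) {
            $rejected[$name] = 'url';
        }
    }
    return $rejected;
}

// Constructed sample submission standing in for $_POST.
$sample = [
    'name'     => 'Pat Example',
    'email'    => 'pat@example.com',
    'budget'   => 'About 3.5 thousand',
    'comments' => 'Call me <b>today</b>',
    'website'  => 'see www.example.com/offer',
];

foreach ($sample as $field => $value) {
    printf("%-8s thread pattern matches: %s\n", $field,
        preg_match(THREAD_PATTERN, $value) ? 'yes' : 'no');
}
print_r(find_rejected_fields($sample));
```

In a form processor, call `find_rejected_fields($_POST)` before any output and redirect to error.php when the result is non-empty. Values that are later displayed still need `htmlspecialchars()` at output time.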

  8. #8
    rlhanson

    I just tried out the wizard at: phpFormGenerator - create professional web forms in minutes

    which is pretty cool as you can have the captcha function and break long forms into pages.

    I like it!!
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  9. #9
    jmarcv

    The first was to strip URLs and the second was for HTML code.
    Well if phpFormGenerator does that for you then all the better. If not and we need to revisit, let us know.

  10. #10
    rlhanson

    I honestly haven't tested it to see if it allows the html code yet, but it's a super long form, and requires input in each section and finishes up with the captcha. What I'm hoping for is that it's too much of a pain to send a bunch of spam. lol

    I'll let you know - as usual!
    Thank you,
    Lynne Hanson
    RL Hanson-Online
