Checking User Input With Eregi Function
The function below (ExpressionTest.php) is for checking user input. The function is supposed to permit only alphabetical characters, the apostrophe ('), and the dash (-) for the "FirstName" variable. For some reason the script below will permit the dash to be used but gives the message "Please enter a valid first name." message when the FirstName variable includes an apostrophe.
I have tried switching places for the dash and the apostrophe. But if I place the apostrophe first in the string and the dash second in the string I still get the same message. PHP Code:
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Checking For % Single With Eregi Function
I'm having trouble detecting the percent sign with the eregi function, this is my current code: if(eregi('^[0-9a-z%]+$', $username)) could anyone help me correct the syntax?
Checking User Input
I want to check to see if there's only letters and numbers in a field, how would I go about doing this?
Calling A Function Through User Input.
So heres yet another question to a problem where I would have no idea where to look for the answer for so I turn to you :) Say my sites administrator wants to write a news update or blog or whatever. Something like this "Added a new gallery from my trip to Phuket, enjoy: [GID=24] If you liked it tell me." I want the [GID=24] to get replaced by my galery loading function (very nifty and handy) so it would turn into something like this echo "Added a new gallery from my trip to Phuket, enjoy: ".galery($GID)." If you liked it tell me."; I chose this [GID=24] because it is similar to burning board code. I would also like to include a command like [PID=45] witch would run my picture function.
Checking Input Of An Url Or Ip?
i do use the following code: Code: if ($siteurl == "") { $badreg = true; $valid_url = false; echo "<span class='main'><font color='#C10000'><b>Error:</b></font> Please check your url.<br> "; } else { $valid_url = true; $siteurl = ereg_replace("http://", "", $siteurl); list($domain, $file) = explode("/", $siteurl, 2); $siteurl = "http://" . $domain . "/" . $file; } Any idea how i could extend the " if ($siteurl == "") { " for checking for valid domain names and ip-addresses?
Checking Form Input
Well i've eventually manage to get a comments system working on my site, adding information etc. however i want to add a few saftey precausions. I.e prevent use of HTML commands been enterend into a comment or holding down a single key, that can often lead to tables been pushed out of size, thus messing up the site. i have been using a function that strips out swear words, this works fine, I included an option to remove HTML etc... using PHP Code:
Checking Input Text?
I wondered if this script seemed correct? The user should enter a userid and password in two text fields, and then pass these values to the method login_user. Could I ask, is there any approach to, once the user clicks the submit button to test the userid and password has been entered, and the text fields are not empty. <?php function login_form(){ ?> <html> <head> <title></title> </head> <body> <div align="center"> <form method="post"> <table border="1"> <tr> <th align="right">E-mail</th> <td nowrap> <input name="userid" size="25"> </td> </tr> <tr> <th align="right">Password</th> <td nowrap> <input name="password" size="25"> </td> </tr> <tr> <td align="center"> <input type="submit" name="submit" value="Login"> </td> </tr> </table> </form> <div> </body> </html> <?php } login_form(); $user_info = login_user($_POST['userid'], $_POST['password']; ?>
Form Input Error Checking
Have a form field being inserted, needs to only allow an integer value through. Which function do I want to use to check the passed var to see if there are any non-integer values present? PHP Code:
Checking For Valid Date Input
If a date is entered in a form with MMDDYY, how do I check if this input field is a valid date. Is there a php function to do this?
PHP Input Checking - Checks For Illegal Characters
I have a HTML form where the user can type in certain values, but I only want them to able able to submit integers (0-9). I post to a PHP page with the following "snippit" of code (all the variables have been properly assigned): // Checks for illegal chars $illegal_chars = array("`", "~", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "=", "+", "q", "w", "e", "r", "t", "y", "u", "i", "o", "p", "[", "{", "]", "}", "", "|", "a", "s", "d", "f", "g", "h", "j", "k", "l", ";", ":", "'", """, "z", "x", "c", "v", "b", "n", "m", ",", "<", ".", ">", "/", "?"); foreach ($illegal_chars as $value) { if (stripos($db_mysql, $value)) { $pass1 = "f"; } elseif (stripos($db_postgre, $value)) { $pass2 = "f"; } elseif (stripos($db_oracle, $value)) { $pass3 = "f"; } elseif (stripos($email_basic, $value)) { $pass4 = "f"; } elseif (stripos($email_exchange, $value)) { $pass5 = "f"; } elseif (stripos($ftp_users, $value)) { $pass6 = "f"; } elseif (stripos($domain_subdomains, $value)) { $pass7 = "f"; } else {} } The code will not work, and I can't see why. The variables $pass1-pass7 aren't set after the foreach() loop, no matter what is in the input!
Eregi() Function In Array()
Heres my code.. // Gets the extension of a file $ext = strrchr($files[$i]["filename"],'.'); //Array of extensions $denied_types = array(".EXE",".exe"); //And if (in_array($ext,$denied_types)){echo("Denied"); I wanto to use the eregi() function so that the search in the denied_tipes was case insensitive that way i dont have to type EXE,exe..
Eregi : Function Always Evaluates To True
Can someone please tell me why this function always evaluates to true regardless of what I enter? if (!eregi ("A-Za-z", $frm_member_name)) { // invalid characters $php_login_status = "not ok"; }
Which Function Is Faster: Eregi [or] Stristr?
Which is a faster alternative for determining if a specific string is contained in another, case-insensitively... eregi(pattern,string) [OR] stristr(string,string) It's intended for matching multiple parts of user agent names (in an array) against $_SERVER['HTTP_USER_AGENT'] For example: $agent = $_SERVER['HTTP_USER_AGENT']; $block = array('asp search','websearch','etcetera'); $blocked=false; for($i=0; $i<count($block); $i++) { // EITHER THIS: if( eregi("/$block[$i]/i",$agent) ) { $blocked=true; break; } // ... OR: if( stristr($block[$i],$agent) ) { $blocked=true; break; } }
Caret ^ And The Scalar $ Characters With The Eregi Function?
Can anybody tell me where in the PHP Manual I can find documentation that tells the proper way to use the caret "^" and the scalar "$" characters with the eregi function? Below is a code statement that I got from a book written by Larry Ullman. It was Larry Ullman's first book. The book is entitled "PHP For The Worldwide Web." PHP Code: if (!eregi("^([[:alnum:]]|_|.|-){3,15}$", $UserName)){ exit('The username can only have letters, numbers, underscores, dashes, and periods. It can contain a maximum of 15 characters.'); } The above statement will permit the $UserName to contain only letters, numbers, underscores, dashes, and periods. The length must be between 3 and 15 characters. For my own peace of mind I'm trying to figure out where Larry Ullman found how to use the caret "^" and the scalar "$" in the statement above so I don't have to take his word for it. The documentation in the PHP Manual for the eregi function uses the caret and the scalar just like Ullman. You can find code statements under the "User Contributed Notes" section of the page. http://us.php.net/manual/en/function.eregi.php But the Manual on that page (or any other page that I can find) does not make a single mention of the use of the caret and the scalar in the pattern matching process.
User Input...
I have a form with a field that expects user to input HTML tags. I know I have to use htmlspecialchars for that input but what if the user inputs PHP code? I've looked at the help file and I can only find strip_tags which removes both PHP and HTML tags. If a user wants to crash/corrupt/hack into your site by entering PHP code, what kind of things can he type? Must he include PHP tags to work? If he must use PHP tags, I could just write a function to remove only the PHP tags and not the HTML tags.
User Input?
Is there a way to get user input from a php script that doesn't have to do with html? I would like to ask the user(me) to input a directory(preferably in a gui way such as a folder selection dialog) to do some work with. Is this possible when running the script directly on my comp(not off a server(remote or local))? The script is a management thing that I'd like to create to help generate some html code. Essentially I want it to scan a dir(but don't want to hard code it) and have it generate a list of links for the files in that dir(which are images). Maybe even asking for a description for each. Even if it was a little shell program to change the directory(sorta like dos) would be much better than having to enter in the directory name by hand.
Php User Input
When running PHP as a binary, is there a way to ask for user input?
Checking A Database For A User Name
How can you check a database for something. I have a database with several fields and a page for creating new rows. I'd like to make it able to search the database for one of the fields, the user name, and add a new row it the name is not present and update the row if the user name is present. Any good ideas?
Verifying User Input
I want to be able to search through a string that gets filled into my form. Make sure there are no quotes, semicolons and that kind of thing, that will mess up my database query. PHP Code:
What To Strip From User Input:
I recently suffered massive bot attacks against my contact page. Someone sent me over 350 e-mails from my form in less than a couple of hours. As this form only sends e-mail to an address dedicated for this purpose, this isn't more than an inconvenience. In re-writing it, I decided to write better stripslash and strip_tags functions of my own. I have the function stripping out left and right angle brackets, and forward and back slashes. I replace these with blanks (I am the only one that views these e-mails and I think I can figure out what was meant). That should break most script and malicious html tags. What else should I watch for and strip? I thought it might be wise to replace "=" signs with blanks. Should I worry about words like "query" or "fopen"? Part of my solution to preventing bot attacks against my form is to force manual input by varying the name="" values. I have eighteen different possibilities for each field on the form. I choose which to use randomly. I check each possibility when processing to see if it is set and send posters to a 404 page if they post to the wrong or all possible variables. I also include a random string of 5 digits as an authorization code in a hidden field. I use mysql database to let the processing page know what variables and authorization code to expect, associated with the poster's ip. Use the wrong authorization code and you go to the 404 page. If your ip doesn't show up on in the database, you get a "404 page not found." I delete records from the database after processing, including old, unused entries where someone left without completely filling out the form. Does anyone see any reason that won't work to thwart the bots?
User Input Validation
I am intending to make a form on a page, on pushing submit the forms gets posted onto itself so that it checks for empty fields and prompts user to get all fields filled, BUT the filled value should stay, I did this easily on ASP, but could not figure out in PHP. Code:
User Input Filtering
I have a comments system. In this comment system, people can enter certain strings, and it will break my page layout. Such as repeated characters with no spaces. It will just blow the table way out of proportion and completely ruin my layout. How can I break their input up if such a thing happens? Also, how can you number an array of data that is being withdrawn from the database DESC? Such as.. Quote1. itemnumber1 2. itemnumber2 3. itemnumber3 4. itemnumber4
Filtering User Input...
I want to take text that a user inputs and store it into a variable. That's the easy part. I have and array of 30 elements that I want to store the inputted text into. So.. here's an example... - I want a user to enter text. - I'll store it into a variable like $inputText. - I want to split the text from $inputText into 30 equal sections and store each section into an element in the variable. - I don't care if the words get separated during the filter, as long as the whitespaces stay where they are. Could anyone give me some tips to help me get started or point me towards a tutorial or something?
Checking If A User Has Submitted A Form
I have a form that validates itself by putting "<?php $_SERVER['PHP_SELF'] ?>" as the form's action. I have now written some simple validation, shown below. $name = $_POST['name']; if (!isset($name) || empty($name)) { echo "Error, please fill in the name textbox"; } The problem is, this code shows up, even if the user has never submitted the form. How do I only show the error AFTER the user has pressed my submit button?
Security With User Input And Sessions
I have two sort of related questions, if anyone would be so kind as to answer: 1. When I do an form for input (into a database) that is used for subsequently displaying on a web page, is there a function written to parse out all dodgy stuff, like putting HTML tags that could break the page, or filter out SQL that could corrupt or invalidate the entry or is there a regular expression that someone has already done to cover all areas? 2. If I am displaying data from a database and using sessions and the like, should I be putting something like this in my code (I found it in the php manual): header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0
Cleaning Up User Form Input In Php
Does anyone please know why when trying to clear up user input that has been entered into a form, php only clears up most of it and not all? For example, using stripslashes to remove all slashes from a variable after a user has submitted quotation marks ("") into a form. The quotation marks cause the variable being parsed to contain slashes. e.g. a user enters """""" into a form , the variable returned to php becomes """"" So if I only wanted the quotation marks, I thought the stripslashes function would achieve this. However, it only removes 3 of the 5 slashes leaving 2 unwanted slashes behind.
Cleaning User Input, Is This Safe Enough?
I've written a small function that cleans up all user input before entering it to the DB. I'm wondering, is this sufficient or am I missing someting? function clean_text($text) { $text = str_replace("<", "<", $text); $text = str_replace(">", ">", $text); $text = strip_tags($text); $text = htmlspecialchars($text, ENT_NOQUOTES); $text = mysql_real_escape_string($text); return $text; }
How To Get User Input For A Variable Without Using Forms Or Tables
I have created forms and taken user input from the forms into php variables. When validating the fields, if i find my conditions not satisfied on the php variable, i ignore the database connectivity and display error message and having the user to go back to the page and correct the error. Is there a way i can correct the error without going back to the page, and getting the particular user input without having to create another form or table for input into the php variable.
How Do You Do TCL Exec Command On PHP Script That Uses User Input?
The TCL command I am using will do a command-line action on a PHP script: set cannotRunPHP [catch { eval "exec php -q $root/scripts/info/php/info.php" } errMsg] I have to do it this way as both the TCL script and the PHP script run as CLI. However, "info.php" requires user input to run; this causes the TCL script calling the PHP script to hose up and die. Is there a way I can do this so that the TCL script can call the PHP script without any problems? Is there an alternate way of calling the PHP script other than using exec were that to solve this issue?
Displaying Text Fields On User Input
How would I echo a particular amount of text fields depending on how many the user selects from a drop down menu that I have already created. For example say the user selects 4 or whatever other number from a drop down menu how would I echo 4 or whatever the amount of text fields for a user to input text into? An example would be an airline website were you select how many people are travelling and then it echo fields for those people to enter their names.
User Local Time Diplay In Input Field
I'm wondering how can I have the local time of a user into a input field, it might sound or be stupid but even after my search I couldn't find a code si9mple enough, without any bla bla which each not my need.
Dynamically Creating URLS Based On User Input !
I am looking to create pages on the fly or dynamically based on user input. For example if i have www.example.com and they visit this and enter 'bob' in a textfield and press submit they create www.example.com/bob.html . How would I go about this ? I am guessing I need to create a folder when submit is pressed in my website directory ?
EREGI And RegEx : Warning: Eregi(): REG_BADRPT
I'm trying to validate a string. The string is for a blog entry (and other, similar), so I need to keep most characters. All I want to exclude is <> (to stop people from using html), and to keep the string between 20 characters and 500 characters in length. I wrote the following, which makes sense to me... if (!eregi ("^[<>]{0,20}|{500,}$", stripslashes(trim($_POST[description])))) { //all good } else { //error } but it's giving me this error Warning: eregi(): REG_BADRPT in /home/httpd/vhosts/thecarshowcase.com/httpdocs/includes/profilefunctions.php on line 111 Can anyone see where i'm going wrong?
Cleaning User Input (Removing HTML/stripping Slashes Etc...)
How can I remove HTML and add slashes to a variable? I know I can add slashes with addslashes($var); but I need to know how to remove all HTML at the same time. Also - Are there any other characters I should strip from the variable (it will be stored in a database and displayed on a web page).
Inserting Php Code With "eregi Replace" Function
A little background...Rather than using an iframe in FCKeditor within my CMS system I located the line of code where I can directly place text that outputs to the correct place within the whole site.(templates stay intact and so forth) I found this...which BTW is within php tags - also <% main %> is element in seperate template file. $template = eregi_replace("<% main %>", "$main", $template); and replaced $main with this and it correctly shows on the site. $template = eregi_replace("<% main %>", "ABC testing content", $template); I can also insert image tags to display those as well...but the main thing I want to be able to do is build a seperate page in php (say a calendar for ex.) and include it above between the quotes. I tried the usual include method without any success...so I am sure there might be some syntax I am missing although I didn't get any parse errors. I can post more code if need be, but I wanted to see if anyone had any possible solutions as I don't want to have to paste a whole page of coding in between the quotes I would like to just "include" it. (may not be possible with the structure of the template var)
Checking The 'message' Parameter Of The Mail Function
I would imagine it is a fairly common situation for a site to allow the user to enter some text into a field and then to have that text passed to the 'message' parameter of the mail function (http://us4.php.net/manual/en/function.mail.php). Is it a good idea to pass this text through some other function first or can it be sent through as is? Is this a case where the maxim 'do not trust input from the user' does not apply?
Eregi And Eregi Replace
I am struggling with understanding a small eregi problem in php4. My code: <?PHP $htmlsource = '<img src="pics/hotdog.gif"> text text <img src="pics/silly%20sausage.gif"> ' eregi('(=")(pics/)([0-9a-zA-Z%/ ]+.[a-zA-z]..)(")',$htmlsource,$imagesintext); ?> var_dump gives this, so I know it's working Outputs array(5) { [0]=> string(18) "="pics/hotdog.gif"" [1]=> string(2) "="" [2]=> string(5) "pics/" [3]=> string(10) "hotdog.gif" [4]=> string(1) """ } What I am trying to do is replace all images in the format ="pics/image.jpg" with "image.jpg" and at the same time make a list of the files image.jpg. The problem is how to pick up ALL the occurances, not just the first??? Also how to use replace to remove the pics/ bit of the string.
Checking If $user & $pass = " "
if !( $user=="" || $pass==""); mysql_query("INSERT INTO users (id, sn, pw) VALUES ( '$idhigh + 1', '$user', '$pass')"); It wont load up my page when I try to run it with this in my page, what am I doing wrong? It checks my text boxes to see if the user and pass equals a blank input when the person clicks on the submit button, and if it does, then it does nothing.
Validation Function For All User Fields?
Hi, I'm wondering if anybody knows of a function or statement similar to perls read(STDIN, $input, $ENV{'CONTENT_LENGTH'}); to read in a forms content string so that I can manipulate each variable/value pair independently of their values. The reason for this is that I have a complex application form which has many inputs and I would like to put these values through a validation filter without explicitly naming them individually. My other option is to make an array of the variable names and use this in a for loop to go through each variable/value pair. This is fine but it would be handier to let PHP do that for me.
Is It Possible To Use Php User Function In A Single Global SQL Query?
This string does not work in php: $sql="UPDATE mytable SET myfield=myuserfunction(myfield)" What I want is my function to evaluate each field and put the new value in the field. For example, this works: $sql= "UPDATE mytable SET myfield=myfield+3"; Stores myfield+3 in each myfield, but with a function it does not work.
User Defined Function - MySQL Queries
I am trying to write a function that builds list of different query results, but the mysql_fetch_assoc function isn't working properly within my function. If anyone cares to take a gander and let us know what I may be missing. Code:
Currently Logged In NT User Id-password For Mail Function Usage
I am building an intranet website. My requirements are - I need to allow only registered users of my NT domain. I am acheiving this by using SSPI module(equivalent to NTLM) for apache. I am running Apache 2.0.44, with PHP 4.3.1 on win 2000. The SSPI module will throw a login screen where the user will type in his username and password. Now the problem is I want to use the user id and password of the currently logged in user for smtp server authentication so that I can send the emails from there email account. First, How can I achieve this? Which are the variables I willl have to use to get this info? Second, I want to sent this info for authentication in encrypted format, how do i do this?Third, how can I get the currently logged username and password without prompting the user?
$_POST Behavior From Input=submit Vs Input-type=button
I have been trying to solve an annoying behavior with PHP (I think). Maybe some of you have encountered the same and have some ideas. I have an html form and I use an <input type="button"> element with the onClick event that calls a javascript funtion. Once the script's content has been processed, I execute the form.submit() directive. I would like to combine the html form and the PHP script into one, and use action="<?php echo($PHP_SELF) ?>". When the html form has <input type="button" name="theButton" value="thisisthetrigger" onclick="doThis(this.form)">but PHP cannot 'read' the value of $_POST["theButton"] after form.submit(). If I substitute the <input type="button"> for <input type="submit"> then PHP reads the value just fine. Some may argue to just use the latter option, but that will cost me a trip back to the server to basically do a lot of validation that can be very easily accomplished on the client side.
Eregi()
does an eregi() look like this? Well, can I use it like this. Or what am I doing wrong?: <html> <head> </head> <body> <form method=POST action="search.php"> <input type="text" name="query"> <input type="Submit" value="Submit" name="submit"> </form> </body> </html> <?php if (eregi("html", "web design", $query)) { echo "'$query'"; } else { echo "does not match."; ?>
|
TRACKER
