Results 1 to 6 of 6
-
02-19-2012, 03:06 AM #1Newbie
- Join Date
- Feb 2012
- Posts
- 16
Prevent '<' and '>' Signs in Posts?
How can I prevent the less than and greater than signs in the username field, and message on the post? As well as slashes. / \.
Code:<form method="post" action="" id="reply"> <script type="text/javascript"> function hi(id){ var val = id.options[id.selectedIndex].value; var text = id.options[id.selectedIndex].text; if (val.length != 0){document.getElementById('user').value = text;hide('passrow');} else { document.getElementById('user').value = ''; document.getElementById('passrow').style.cssText = ''; } } </script> <div id="userpass" style="background: #000;"> <table style="border: 2px solid #252564; background: #1F1F5D;" width="100%" cellpadding="0" class="quick_userpass"> <tr> <td background="/images/bg3.jpg" height="26px"><font face=arial size=2 color="white"> <b>Your Name or Nickname</b></td> </tr> <tr> <td><input size=50 name="user" id="user" value="" style="margin-left: 10px;"></td> </tr> <tr><td background="/images/bg3.jpg" height=26px></td></tr> </table> <div id="passrow" style=""> <p> <table width=100% cellpadding=0 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;"> <tr><td background="/images/bg3.jpg" height=26px style=""><font face=arial size=2 color="white"> <b>Password (optional)</b></td></tr> <tr><td style=""><input size=50 name="pass" id="pass" type="password" style="margin-left: 10px;" value=""></td></tr> <tr><td background="/images/bg3.jpg" height=26px></td></tr> </table> </p> </div> <p> <table width=100% cellspacing=0 cellpadding=4 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;"> <tr bgcolor="#121236"><td><font face=arial size=2 color="white"><b>Enter your message here</b></font></td></tr> <tr><td><center><textarea id="quickreply" name="message" rows=10 cols=50 wrap="VIRTUAL" ></textarea></center></td></tr> </table> <div id="preview" style="display: none;"></div> </p> <br /> <center> <font face=arial size=2>When you're happy with your message, click:</font> <div id="javano"><input type="submit" value=" Post Message "></div> </center> <input type="hidden" name="tid" value="<?php echo $_GET["tid"];?>" /> </div> </form>
That is the code I'm using for User/Pass/message fields.
-
02-19-2012, 08:50 PM #2Newbie
- Join Date
- Feb 2012
- Location
- Germany
- Posts
- 25
You need to do it in your php-code as javascript checks can be bypassed.
If you are trying to get the interpretation of html code out of your form use htmlentities(); -> http://us.php.net/manual/en/function.htmlentities.php█ Christian Berger, cb.ikt
█ www.cb-ikt.de
-
02-20-2012, 01:08 PM #3WHT Addict
- Join Date
- Apr 2002
- Location
- USA
- Posts
- 117
Maybe just add function to allow only letters and numbers.
PHP Code:function alphanumeric(inputbox)
{
var letterNumber = /^[0-9a-zA-Z]+$/;
if((inputbox.value.match(letterNumber))
{
return true;
}
else
{
alert("some message");
return false;
}
}
-
02-20-2012, 01:09 PM #4Newbie
- Join Date
- Feb 2012
- Posts
- 16
Well, I do have a function like that, but I want to allow some characters that aren't letters and numbers.
-
02-20-2012, 01:21 PM #5Newbie
- Join Date
- Feb 2012
- Location
- Germany
- Posts
- 25
The code you provided can be bypassed by disabling js in your browser and is not a safe method as I already stated in my post.
But, there is a possibility to match strings in PHP using Perl regular expressions: http://php.net/manual/en/function.preg-match.php█ Christian Berger, cb.ikt
█ www.cb-ikt.de
-
02-20-2012, 05:07 PM #6WHT Addict
- Join Date
- Apr 2002
- Location
- USA
- Posts
- 117
As cb-ikt mentioned you could get there with a little PHP too.
$result = preg_replace("/[^!<>@&\/\sA-Za-z0-9_]/","", $string);
Put the chars you wish to allow between the []
You have to escape the / with \/ otherwise it will change the regex.
Similar Threads
-
using little yard signs
By mjfroggy in forum Running a Web Hosting BusinessReplies: 7Last Post: 04-13-2009, 08:27 AM -
How do you make these signs?
By Merged in forum Web Hosting LoungeReplies: 12Last Post: 07-09-2005, 08:27 AM -
10 Signs of I n s a n i t y
By Acroplex in forum Web Hosting LoungeReplies: 16Last Post: 10-11-2004, 11:34 AM -
Funny Signs
By The Dude in forum Web Hosting LoungeReplies: 21Last Post: 08-22-2004, 10:27 AM -
25 Signs you've grown up!
By jpavleck in forum Web Hosting LoungeReplies: 16Last Post: 02-25-2004, 04:01 AM