Results 1 to 6 of 6
  1. #1

    Prevent '<' and '>' Signs in Posts?

    How can I prevent the less than and greater than signs in the username field, and message on the post? As well as slashes. / \.

    Code:
    <form method="post" action="" id="reply">
    						<script type="text/javascript">
    						function hi(id){
    							var val = id.options[id.selectedIndex].value;
    							var text = id.options[id.selectedIndex].text;
    							if (val.length != 0){document.getElementById('user').value = text;hide('passrow');}
    							else { 
    								document.getElementById('user').value = '';
    								document.getElementById('passrow').style.cssText = '';
    							}
    						}
    						</script>
    
    						<div id="userpass" style="background: #000;">
    							<table style="border: 2px solid #252564; background: #1F1F5D;" width="100%" cellpadding="0" class="quick_userpass">
    								<tr>
    									<td background="/images/bg3.jpg" height="26px"><font face=arial size=2 color="white">&nbsp;&nbsp;&nbsp;<b>Your Name or Nickname</b></td>
    								</tr>
    								<tr>
    									<td><input size=50 name="user" id="user" value="" style="margin-left: 10px;"></td>
    								</tr>
    								<tr><td background="/images/bg3.jpg" height=26px></td></tr>
    							</table>
    
    							<div id="passrow" style="">
    								<p>
    								<table width=100% cellpadding=0 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;">
    									<tr><td background="/images/bg3.jpg" height=26px style=""><font face=arial size=2 color="white">&nbsp;&nbsp;&nbsp;<b>Password (optional)</b></td></tr>
    									<tr><td style=""><input size=50 name="pass" id="pass" type="password" style="margin-left: 10px;"  value=""></td></tr>
    									<tr><td background="/images/bg3.jpg" height=26px></td></tr>
    								</table>
    								</p>
    							</div>
    
    							<p>
    								<table width=100% cellspacing=0 cellpadding=4 class="quick_userpass" style="border: 2px solid #252564; background: #1F1F5D;">
    									<tr bgcolor="#121236"><td><font face=arial size=2 color="white"><b>Enter your message here</b></font></td></tr>
    									<tr><td><center><textarea id="quickreply" name="message" rows=10 cols=50 wrap="VIRTUAL" ></textarea></center></td></tr>
    								</table>
    								<div id="preview" style="display: none;"></div>
    							</p>
    							<br />
    							<center>
    								<font face=arial size=2>When you're happy with your message, click:</font>
    								<div id="javano"><input type="submit" value=" Post Message "></div>
    							</center>
    							<input type="hidden" name="tid" value="<?php echo $_GET["tid"];?>" />
    						</div>
    					</form>

    That is the code I'm using for User/Pass/message fields.

  2. #2
    Join Date
    Feb 2012
    Location
    Germany
    Posts
    25
    You need to do it in your php-code as javascript checks can be bypassed.

    If you are trying to get the interpretation of html code out of your form use htmlentities(); -> http://us.php.net/manual/en/function.htmlentities.php
    █ Christian Berger, cb.ikt
    www.cb-ikt.de

  3. #3
    Join Date
    Apr 2002
    Location
    USA
    Posts
    117
    Maybe just add function to allow only letters and numbers.
    PHP Code:
    function alphanumeric(inputbox)
    {
    var 
    letterNumber = /^[0-9a-zA-Z]+$/;
    if((
    inputbox.value.match(letterNumber)) 
    {
    return 
    true;
    }
    else

    alert("some message"); 
    return 
    false
    }


  4. #4
    Well, I do have a function like that, but I want to allow some characters that aren't letters and numbers.

  5. #5
    Join Date
    Feb 2012
    Location
    Germany
    Posts
    25
    Quote Originally Posted by sonic10 View Post
    Maybe just add function to allow only letters and numbers.
    The code you provided can be bypassed by disabling js in your browser and is not a safe method as I already stated in my post.

    But, there is a possibility to match strings in PHP using Perl regular expressions: http://php.net/manual/en/function.preg-match.php
    █ Christian Berger, cb.ikt
    www.cb-ikt.de

  6. #6
    Join Date
    Apr 2002
    Location
    USA
    Posts
    117
    As cb-ikt mentioned you could get there with a little PHP too.

    $result = preg_replace("/[^!<>@&\/\sA-Za-z0-9_]/","", $string);

    Put the chars you wish to allow between the []
    You have to escape the / with \/ otherwise it will change the regex.

Similar Threads

  1. using little yard signs
    By mjfroggy in forum Running a Web Hosting Business
    Replies: 7
    Last Post: 04-13-2009, 08:27 AM
  2. How do you make these signs?
    By Merged in forum Web Hosting Lounge
    Replies: 12
    Last Post: 07-09-2005, 08:27 AM
  3. 10 Signs of I n s a n i t y
    By Acroplex in forum Web Hosting Lounge
    Replies: 16
    Last Post: 10-11-2004, 11:34 AM
  4. Funny Signs
    By The Dude in forum Web Hosting Lounge
    Replies: 21
    Last Post: 08-22-2004, 10:27 AM
  5. 25 Signs you've grown up!
    By jpavleck in forum Web Hosting Lounge
    Replies: 16
    Last Post: 02-25-2004, 04:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •