|
PHP - Ideas On Validating A Word Submitted Against A List Of Predetermined Words?
I have a situation where I need to put a textbox and a submit button on a page. The user is logged in. The script needs to check against a list of words to make sure the word the user entered is correct and if so submit their information(ie:name, email, time, date, word entered to a database table. The part i'm having trouble with is figuring out how to make it check against a specific set of words.
Code: [Select] <p><strong>Enter Word</strong></p> <form action="/paradisepassword.php" method="post"> <input type="hidden" name="action" value="password2paradise" /> <table cellpadding="5px"> <tr> <td style="padding:3px;"><label for="password2paradise">Enter he :</label></td> <td style="padding:3px;"><input name="password2paradise" type="password2paradise" id="password2paradise" value="" maxlength="30" tabindex="5" /></td> </tr> <tr> <td style="padding:3px;"> </td> <td style="padding:3px;"><input name="submit" type="submit" value="Submit Password" tabindex="7" class="generalButton" /></td> </tr> </table> </form> and the php file to process it: <?php include_once($_SERVER['DOCUMENT_ROOT']."/_core/config.php"); include_once($_SERVER['DOCUMENT_ROOT']."/_core/db-connect.php"); include_once($_SERVER['DOCUMENT_ROOT']."/_core/functions.php"); include_once($_SERVER['DOCUMENT_ROOT']."/_core/user-cookies.php"); ///////////////////////////////////////////////////////////////////////////// //function submitParadisePassword($intContestantID, $intDateSent, $intParadisePassword, $strType){ $paradise_password = paradisePassword("password1", "password2", "password3", "password4", "password5", "password6", "password7", "password8", "password9", "password10"); if (!$paradise_password == paradisePassword); { // success! $query_insert="INSERT INTO ".DB_DATABASE.".paradisepassword_2010 ( accountID, nickname, firstName, lastName, email, paradisePassword, sentFromUrl, dateSent, dateSentTimestamp, ipAddress ) VALUES ( '".mysql_real_escape_string($_POST['accountID'])."', '".mysql_real_escape_string($_POST['nickname'])."', '".mysql_real_escape_string($_POST['firstName'])."', '".mysql_real_escape_string($_POST['lastName'])."', '".mysql_real_escape_string($_POST['email'])."', '".mysql_real_escape_string($_POST['paradisePassword'])."', '".mysql_real_escape_string($_POST['sentFromUrl'])."', '".date("Y-m-d")."', '".time()."', '".$_SERVER['REMOTE_ADDR']."' ) "; mysql_query($query_insert); header("Location: ".$_POST['sentFromUrl']."?p2p=success"); } else { header("Location: ".$_POST['sentFromUrl']."?p2p=fail"); } //} ?> what am i missing? Similar TutorialsI tried inserting a town into my database but only the first word gets inserted?! eg: Abbots Langley only Abbots gets inserted?! Code: [Select] if(isset($_POST["register"])) { // Your code here to handle a successful verification $RSTOWN = $_POST['rsTown']; $rsGender = $_POST['rsGender']; $RSUSER = $_POST['RSUSER']; $RSPASS = $_POST['RSPASS']; $rsEmail = $_POST['rsEmail']; $rsMobile = $_POST['rsMobile']; $rsAge = $_POST['rsAge']; $to = 'info@mypubspace.com, '.$rsEmail; //define the subject of the email $subject = 'Welcome '.$RSUSER.' to My Pub Space'; // message $message = ' <html> <head> <title>'.$subject.'</title> </head> <body> <table> <tr> <td>Name:</td> <td>'.$RSUSER.'</td> </tr> <tr> <td>Email:</td> <td>'.$rsEmail.'</td> </tr> <tr> <td>Town:</td> <td>'.$rsTown.'</td> </tr> <tr> <td>Telephone:</td> <td>'.$rsMobile.'</td> </tr> <tr> <td>Age:</td> <td>'.$rsAge.'</td> </tr> <tr> <td>Password:</td> <td>'.$RSPASS.'</td> </tr> </table> </body> </html> '; // To send HTML mail, the Content-type header must be set $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; // Additional headers $headers .= 'To:' .$to. "\r\n"; $headers .= 'From:' .$rsEmail. "\r\n"; // Mail it mail($to, $subject, $message, $headers); $sql = "INSERT INTO members_copy (RSTOWN, RSGENDER, RSUSER, RSPASS, RSEMAIL, RSMOBILE, RSAGE) VALUES ('$rsTown', '$rsGender', '$RSUSER', '$RSPASS', '$rsEmail', '$rsMobile', '$rsAge');"; //echo $sql; mysql_query($sql); got this function in php.net i guess function mywordwrap($string) { $length = strlen($string); for ($i=0; $i<=$length; $i=$i+1) { $char = substr($string, $i, 1); if ($char == "<") $skip=1; elseif ($char == ">") $skip=0; elseif ($char == " ") $wrap=0; if ($skip==0) $wrap=$wrap+1; $returnvar = $returnvar . $char; if ($wrap>8) // alter this number to set the maximum word length { $returnvar = $returnvar . "<wbr>"; $wrap=0; } } return $returnvar; } after using this when i try to validate my page in http://validator.w3.org i get this error Line 124, Column 38: end tag for "wbr" omitted, but OMITTAG NO was specified <td width="15%">sdfasdfsdfadfddfdfsafasd<wbr>a</td> ✉ You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">". what is the fix for this? I am looking to create a Wish List using cookies without using MySql and without the user having to register but i don't use cookie very often and i am not sure where to start, Any ideas or help would be appreciated? Hello, I'm having trouble getting a piece of code to work and as a result right now i have bloated code on a simple task. Currently my code looks like this: Code: [Select] //convert responses into one string to check for spam $full_string = $name.' | '.$email.' | '.$message; //look for spam words if ( (stristr($full_string, 'test')) || (stristr($full_string, 'http')) || (stristr($full_string, 'www')) || (stristr($full_string, 'site')) || (stristr($full_string, 'fake')) || (stristr($full_string, 'viagra')) || (stristr($full_string, 'cialis')) || (stristr($full_string, 'asdf')) || (stristr($full_string, 'txt')) || (stristr($full_string, 'doc')) || (stristr($full_string, 'xls')) || (stristr($full_string, 'htm')) || (stristr($full_string, 'sale')) || (stristr($full_string, 'free')) ){ I would like to instead place all my 'spam' words in an array like this Code: [Select] $spam_array = array('test', 'viagra', cialis...etc If i had all my spam words in an array, how would i write an if statement to check if any of those words appeared in $full_string ? Thanks for your help! Hello, I am EXTREMELY new to PHP, and coding in general. I have attempted to search for an answer to this already, but I'm not sure I'm using terminology that will lead me to an solution, as I haven't come up with much. I'm hoping that someone can provide some assistance, or at least point me in the right direction for some reading. What I am trying to do it search a string for a match to any of 12 words. I'm wondering if there is a smarter way to do this than coding 12 different lines, each one looking for a specific word. If you can point me in the right direction, then thank you very much =) Hello there, I am pretty new to php and I was wondering if anyone can give me some input. Basically I am creating a search engine where I can search for words in certain files. I am trying to search using two or more words for instance a file may have the sentence 'the cat ran across the road', and another file has 'the road is long'. I would like to search 'cat road', and have these two files show up with each word highlighted. At the moment 'cat road' is being searched as just one string. I have exploded the keyword, and i have broken the array into separate words but for some reason it is still not searching. Again I would appreciate any feedback. Just to show you a bit of my code to explain: if(!empty($_GET['keyword'])) { $user_input = trim($_GET['keyword']); $user_input = preg_replace("/ {2,}/", " ",$user_input); $keyword = explode(" ", $user_input); for($i=0;$i<count($keyword);$i++) { echo("$keyword[$i]\n"); } $keyword = $_GET['keyword']; } Thanks for your time, Farha for some reason my code only posts the first word of the username even tho the last names are in the database. www.checkmyweave.co.uk/new/dropdown.php dropdown.php Quote <?php mysql_connect("localhost","****","****"); mysql_select_db("checkmyw_database") or die("Unable to select database"); ?> <form action="/new/dropdown2.php" Method="POST"> User:<select name="username"> <?php $result = mysql_query("SELECT * FROM members") or die(mysql_error()); while($row = mysql_fetch_array( $result )) { echo "<option value=".$row['username'].">"; echo $row['username']."</option>"; } ?> </select> <form action="/new/dropdown2.php" METHOD="POST"> <input type = "submit" value="New!"> </form> dropdown2.php Quote <?php $username=$_POST["username"]; echo $username ; ?> Im wanting to not allow people to post any links in the comments section of a form (spammers) and have created a comma delimited list of essentially of every known domain name extension. To apply the filter I have the following code: Code: [Select] $WordAllowed = true; $BannedWords = explode(",", ReadDB($Options["ban_words"])); if (count($BannedWords)>0) { $checkComment = strtolower($_REQUEST["comment"]); for($i=0;$i<count($BannedWords);$i++){ $banWord = trim($BannedWords[$i]); if (trim($BannedWords[$i])<>'') { if(preg_match("/".$banWord."/i", $checkComment)){ $WordAllowed = false; break; } } } } if($WordAllowed==false) { $SysMessage = $OptionsLang["Banned_word_used"]; } else { Insert into my table I could have sworn this was working last time I was in this code but recently checking it again it is blocking pretty much everything claiming a banned word is used. The only thing I can get to post is 'lol'. Trying funny phrases like: first! or Great information, thanks, this is a test of the comment section, etc....they all get flagged Can anyone with fresh eyes assist? Im weary and frustrated and its been forever since I wrapped my head around this. My banned word list: Code: [Select] www,http,com,org,.aero,.asia,.biz,.com,.coop,.edu,.gov,.info,.int,.jobs,.mil,.mobi,.museum,.name,.net,.org, .pro,.tel,.travel,.xxx,.a,.bitnet,.ac,.ad,.ae,.af,.ag,.ai,.al,.am,.an,.ao,.aq,.ar,.as,.at,.au,.aw,.az,.ba,.bb,.bd,.be,.bf,.bg ,.bh,.bi,.bj,.bm,.bn,.bo,.br,.bs,.bt,.bv,.bw,.by,.bz,.ca,.cc,.cf,.cg,.ch,.ci,.ck,.cl,.cm,.cn,.co,.com,.cr,.cs,.cu,.cv,.cx,.cy,.cz ,.de,.dj,.dk,.dm,.do,.dz,.ec,.edu,.ee,.eg,.eh,.er,.es,.et,.fi,.fj,.fk,.fm,.fo,.fr,.fx,.ga,.gb,.gd,.ge,.gf,.gh,.gi,.gl,.gm,.gn ,.gov,.gp,.gq,.gr,.gs,.gt,.gu,.gw,.gy,.hk,.hm,.hn,.hr,.ht,.hu,.id,.ie,.il,.in,.io,.iq,.ir,.is,.it,.jm,.jo,.jp,.ke,.kg,.kh,.ki,.km ,.kn,.kp,.kr,.kw,.ky,.kz,.la,.lb,.lc,.li,.lk,.lr,.ls,.lt,.lu,.lv,.ly,.ma,.mc,.md,.mg,.mh,.mil,.mk,.ml,.mm,.mn,.mo,.mp,.mq,.mr, .ms,.mt,.mu,.mv,.mw,.mx,.my,.mz,.na,.nc,.ne,.net,.nf,.ng,.ni,.nl,.no,.np,.nr,.nt,.nu,.nz,.om,.org,.pa,.pe,.pf,.pg,.ph, .pk,.pl,.pm,.pn,.pr,.pt,.pw,.py,.qa,.re,.ro,.ru,.rw,.sa,.sb,.sc,.sd,.se,.sg,.sh,.si,.sj,.sk,.sl,.sm,.sn,.so,.sr,.st,.su,.sv, .sy,.sz,.tc,.td,.tf,.tg,.th,.tj,.tk,.tm,.tn,.to,.tp,.tr,.tt,.tv,.tw,.tz,.ua,.ug,.uk,.um,.us,.uy,.uz,.va,.vc,.ve,.vg,.vi,.vn,.vu,.wf, .ws,.ye,.yt,.yu,.za,.zm,.zr,.zw Thanks in advance for any help Hello, I'm working on a file upload/download setup. I want the MySQL table to be arranged like so: id----int(11)----primary key Filename----varchar(30) Keyword1----varchar(30) Keyword2----varchar(30) Description----text DateAdded----timestampCURRENT_TIMESTAMP Type----varchar(30) Size----int(11) Content----mediumblob My question is; Is there a way to make the users select their keywords from a predetermined list (i.e. a dropdown menu) rather than letting them just punch in whatever keywords they want? Hello! Hello, Basically, What I'm looking for would be for a method of blocking certain email addresses from being submitted in a form, I need it to block certain emails that are on the list. I think the best way to describe it would be a form submission blacklist that is checked before it gets submitted. Many thanks Hi there, I have a newsletter sign up form which just puts the data (id and email) into a mysql table. To stop people hacking the site, is there a way to make sure the only thing being submitted in the input is an email address? Here's my current form and submit php: Code: [Select] <?php $mailer = $_GET['mailer']; if ($mailer == 'added') { $email=$_POST['email']; if($email == '') { echo '<div class="daily_not_submitted"><span style="padding-right:6px;"><img src="https://store.huhmagazine.co.uk/images/cross.jpg"></span>Please fill in all the fields.</div>'; }else { $sql="INSERT INTO `dailymailer` (`email`) VALUES ('$email');"; $result=mysql_query($sql) or die(mysql_error()); if($result){ echo "<div class='daily_submitted'><span style='padding-right:6px;'><img src='http://www.huhmagazine.co.uk/images/uploaded/checkboxtick.jpg'></span>Thank you.</div>"; } else { echo "Error\n"; } } } ?> <div id="sidebarnewsletter"> <form name="mailinglist" method="post" action="?mailer=added"> <input type="text" name="email" class="sidebarnewsletter" placeholder="Enter Your Email Address" /> <input type="submit" class="sidebarnewsletter_button" value="Sign Up"> </form> <div class="clear"></div> </div> I am trying to filter characters that get submitted into forms and than database. I have been paying with trim function $string = $_POST[name]; $newstring = trim($string,"W"); echo "$newstring"; but it does not seem to do what I really need. If I enter name World I do get "orld" back, but what if I want to filter out W (or w) and L (or l) to get "ord". I am mainly going after removing ' " ; : . > , < - _ ( ) * & ^ % $ # @ ! \ | / ? I know there is a different way to do it, but it has been long tome since I have seen it, and I do not know where. Thanks for your help I'd like to edit specific parts of a submitted text what is the best way to do this? For example I get the following text: [name country] is very cold this time of year. Because I like the cold I would love to live there [end of line 2] whole lot more text here until [name country] if this text here exists, blabla [but Germany] is blabla [end of line] in some cases some more text here [summary] bla bla The text in the brackets are words that I already know before it has been submitted. Getting the words out has been part of my previous script, using preg_match and put them in variables. I want to put the first portion of the text in a row, if 2nd, 3rd and 4th portion exist, put them in a row too. Any ideas? [edited] I prefer to have these portions cut out and put in a variable. So I end up having a few variables and can later echo that out in rows Edited by dde, 18 January 2015 - 04:01 AM. I've got a BIG problem... When a user submits my form it works fine, displays a "Transaction Success/Failed", and e-mails me a confirmation. However, if the user then navigates to another page (e.g. "Home"), and then clicks their browser's "Back" button, my form gets re-submitted?! This is on a VPS, but I just chatted with server support and they are saying, Quote register_globals = Off So what is going wrong?! Debbie I now know how to append GET over normal hyperlinks, but I don't know how to do it with form submissions. Here's the problem: I have a form like this one: <form method="GET" action=""> <?php require_once ('sort_category_func.php'); $switch = 1; sort_category ($switch); ?> + Most Liked <input type='checkbox' value='mostLiked' name='mostLiked' /> <br /> <input type="submit" name="sortSubmit" value='Go' /> <br /><br /> </form> And the variables: // DROP DOWN MENU VARIABLES $select_category = $_REQUEST['sort_category']; $most_liked = $_GET['mostLiked']; I'm using a while loop to list user submission, you can also sort them by category which works over GET, this works as long as there is no GET data already in the URL, but as soon as there is GET data it won't work anymore. Here's an example: If I have a user profile page opened like this: profile.php?user=konopkov And a category has been chosen to sort the user's submissions the URL will change to: profile.php?sort_category=Logos INSTEAD it should be: profile.php?user=konopkov&sort_category=Logos As I said I know how to achieve this with hyperlinks now, but I have no clue how do it with form submissions. Any suggestions? Thanks. Up until now, I have been writing Forms that submit back to themselves. Now I want to break up my code. I usually have this PHP at the top of my forms... Code: [Select] <?php // ******************************************** // HANDLE FORM. * // ******************************************** if ($_SERVER['REQUEST_METHOD']=='POST'){ // Form was Submitted (Post). If I change my Form Action to point to another script, will this code work in that new script?? (In other words, will Script_B be able to detect $_SERVER['REQUEST_METHOD']=='POST' ??) Thanks, Debbie To execute code on successfully submitting text input, is this "bare minimum" code secure enough?
if(!empty($_POST["textfield_input"])) { ...or is it best to make sure all 4 of these are confirmed:
if (
The html portion is simply: I've searched on the net about this several times, and see different answers, and it looks like each PHP expert has their favorite.... but I would rather know the "best practices" answer to this. Thank you!!
Edited November 5, 2019 by StevenOliver Hi There, Is there any way that when a user submits a form, but places a link inside - for example: It is located at this location: http://mylink.com Is there any way that PHP can pick up the fact that there is a link there and tag it correctly so it is clickable? Cheers Matt I want the script to check if something already has been submitted into the database before the submission, I tried it to do it with num_rows, but I'm encountering a problem. Here's the script: $con_submit = $_POST['submit']; $user_id = $_SESSION['user_id']; if ($con_submit && isset($user_id)) { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // POST variables $knuffix_name = strip_tags(trim($_POST['knuffix_name'])); $knuffix_contribution = $_POST['knuffix_contribution']; $knuffix_category = strip_tags(trim($_POST['sort_category'])); $query = sprintf("SELECT * FROM con WHERE contribution = '%s'", mysqli_real_escape_string($dbc, $knuffix_contribution)); $query_run = mysqli_query ($dbc, $query) or die (mysqli_error ($dbc)); $num_rows = mysqli_num_rows ($query_run) or die (mysqli_error ($dbc)); // $assoc = mysqli_fetch_assoc ($query_run) or die (mysqli_error ($dbc)); echo "num rows" . $num_rows; // and then as an example: if ($num_rows == 0) { // run INSERT INTO script } } When there are entries in the database then num_rows will return me the amount of entries in the echo, BUT if there are ZERO entries, then nothing will happen, and that is because of the query. Since the query looks as follows: Code: [Select] SELECT * FROM con WHERE contribution = '$variable_post_submission' Which means if there's no entry in the database at all, then the query has nothing to select, which again makes the rest of the script NOT work. Which means that num_rows does not return any value, the echo will not even get printed out. But I on the other hand would like num_rows to return zero and have the script continue by INSERTING the submitted data into the database. Any ideas how I could accomplish this? |
|||||||