PHP - How To Stop Users Submitting Blank Spaces?

Hi,

I'm pretty new to this, so apologies if there's some simple solution/misunderstanding.

It seems to me that when the user uploads a file, PHP pulls in the file into the temporary directory and then you can query it using the $_FILES array. Assuming I am correct so far, I have two questions:

1. Is there anyway to prevent the upload to the temporary folder based on file size? Seems to me a good way to overload a server to upload 10GB files, even if they are picked up as "errors" and deleted from the temp folder.

2. How long do files stay in the temporary folder? Does PHP delete them automatically, and if so, when?

Thanks.

Hi ppl

got code problem cant get it show users avatar & blank avatar at same time not that good at
php ppl.

avatar box page

Code: [Select]
<style type="text/css">
#name_area{height:20px; padding:3px;};
</style>
<script language="javascript">
<!--
function member_change(id){
<?php
$allgames = mysql_query("SELECT * FROM games") or die (mysql_error());
$allgames_total = @mysql_num_rows($allgames);
if($allgames_total!=0)
{
$i=0;
while($i<$allgames_total)
{
?>
document.getElementById('<?php echo mysql_result($allgames, $i, 'game_id'); ?>').style.display = "none";
<?php
$i++;
}
}
?>
document.getElementById(id).style.display = "block";
}
function show_name(name){

document.getElementById('name_area').innerHTML = name;
}
function hide_name(){
document.getElementById('name_area').innerHTML = '';
}
//-->
</script>

<div style="text-align:left;">
Choose Squad: <select name="D1" onchange="member_change(this.options[this.selectedIndex].value)" class="standardforms">
<?php
$allgames = mysql_query("SELECT * FROM games") or die (mysql_error());
$allgames_total = @mysql_num_rows($allgames);

if($allgames_total!=0)
{
$i=0;
while($i<$allgames_total)
{
$game = mysql_result($allgames, $i, 'game_title');
$members_total2 = mysql_num_rows(mysql_query("SELECT * FROM members WHERE game = '$game'"));

if($members_total2!=0)
{
?>
<option value="<?php echo mysql_result($allgames, $i, 'game_id'); ?>"><?php echo mysql_result($allgames, $i, 'game_title'); ?></option>
<?php
}
$i++;
}
}
?>
</select><br /><br />
</div>
<?php
$allgames = mysql_query("SELECT * FROM games") or die (mysql_error());
$allgames_total = @mysql_num_rows($allgames);
if($allgames_total!=0)
{
$i=0;
while($i<$allgames_total)
{
$game = mysql_result($allgames, $i, 'game_title');
$members = mysql_query("SELECT * FROM members WHERE game = '$game'");
$members_total = @mysql_num_rows($members);

if($allgames_total!=0)
{
?>
<div id="<?php echo mysql_result($allgames, $i, 'game_id'); ?>" style="display: block; text-align:left;">
<?php

if($members_total!=0)
{
$d=0;
while($d<$members_total)
{

?>
<a href="index.php?page=members&amp;id=<?php echo mysql_result($members, $d, 'id'); ?>"><img onmouseover="show_name('<?php echo mysql_result($members, $d, 'username'); ?>')" onmouseout="hide_name()" src="user/<?php

  echo mysql_result($members, $d, 'avatar_link');

$filename = 'avatar_link';

if (file_exists($filename)) {
     echo "avatar_link";
} else {
     echo "avatars/blank.jpg";
}


?>" width="50" height="50" alt="<?php echo mysql_result($members, $d, 'username'); ?>" title="<?php echo mysql_result($members, $d, 'username'); ?>"/></a>
<?php
$d++;
}
}
}
echo "</div>";
$i++;
}
}
?>
<div id="name_area"></div>

...added to an error log? Currently, my coding is as follows:

Form to gather data:
Code: [Select]
<html><head><title>Car Accident Report Form</title></head>
<form action="errorlog.php" method="post">
First Name: <br><input type="text" name="name"><br>
Surname:<br> <input type="text" name="surname"><br>
Age: <br><input type="text" name="age"><br>
Weeks Since Accident: <br><input type="text" name="weeks"><br>
<input type="submit" value="Submit">
</form>

Coding for error log:
Code: [Select]
<html><head><title>Validating Car Accident Report Form Details</title></head>
<?php
$name=$_POST["name"];
$surname=$_POST["surname"];
$age=$_POST["age"];
$weeks=$_POST["weeks"];
$subtime = strftime('%c');
$pass = "The details uploaded are fine<br><br>";
if ((((trim($name)="" && trim($surname)="" && trim($age)="" && trim($weeks)=""))))
{
echo "It seems that you have not entered a value for the Name, Surname, Age or Weeks fields. This has been added to the error log.<br><br>";
error_log("<b><u>Error</b></u><br>The user has not entered any values", 3, "C:/xampp/htdocs/errorlog.txt");
}
if (($age<18)&& ($weeks<=1))
{
echo "It seems that you have entered an invalid age and number of weeks since the accident. This has been added to the error log.<br><br>";
error_log("<b><u>Error</b></u><br>The user has entered an age that is below 18 and the number of weeks since the accident is equal to or under 1 week!<br>Age entered:" . $age . "<br>Number Of Weeks Since Accident entered:" . $weeks . "<br>Time that form was submitted:" . $subtime . "<br><br>", 3, "C:/xampp/htdocs/errorlog.txt");
} 
else if ($age<18)
{
echo "It seems that you have entered an invalid age. This has been added to the error log.<br><br>";
error_log("<b><u>Age Error</b></u><br>The user has entered an age that is below 18!<br>Age entered:" . $age . "<br>Time that form was submitted:" . $subtime . "<br><br>", 3, "C:/xampp/htdocs/errorlog.txt");
}
else if ($weeks<=1)
{
echo "It seems that you have entered an invalid age number of weeks since the accident. This has been added to the error log.<br><br>";
error_log("<b><u>Week Error</b></u><br>The user has entered a number of weeks since the accident that is equal to or under 1 week!<br>Number Of Weeks Since Accident entered:" . $weeks . "<br> Time that form was submitted:" . $subtime . "<br><br>", 3, "C:/xampp/htdocs/errorlog.txt");
}
else
{
echo $pass;
}
echo "Car Accident Report Form details have been sent<br>";
echo "<a href='readlog.php'>Read Error Log</a>"
?>

</html>

How can I get it so that if a user presses the space bar in a field, then the trim function sees that there's no white space and then this gets added to the error log?

Any help is appreciated!

I have a form with PHP validation and also a mysqli query checking for duplicates in the database for mailing address and email address in mysql.     It works fine but the customers are adding spaces in the mailing address for example  111 mailing address A V  E, 1 1 1 ma iling address A V  E etc.  and my sql query doesn't see that as an address that's a duplicate.    Their alslo adding email address like my@emailaddress.com and m.y@emailaddress.com, m.y.2@emailaddress.com etc to bypass that comparision also.    Is there anyway to stop this from happening?        

Hello   I am trying to work out how many regular users I have to my site and how long those users tend to be users..   So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.   I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...  

 
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
 

I just discovered that I have a major security flaw with my website.
Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar.
I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar.
For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information.

Every important page that I have has this code:
Code: [Select]
 session_start();

if (!isset($_SESSION['user_id'])) {
// Start defining the URL.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
         $url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/index.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else {
                //Else If Logged In Run The Script

if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
         $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
         $id = (int) $_POST['id'];
} else {
         echo ' No valid ID found, passed in url or form element';
        
         exit();
}



What am I doing wrong?
Please help if you know how to correct this.

Many thanks in advance.

ok so when my code dipsplays i get the spaces i add in the db but when i updae it dispalys this rnrnrn and its all together
Code
Code: [Select]
<?php
include "scripts/connect.php";

if(isset($_GET['edit'])){

$newid = $_GET['edit'];

$query = mysql_query("SELECT * FROM news WHERE id='$newid' LIMIT 1");
$rows = mysql_fetch_array($query);

$newstitle = $rows['title'];
$newsby = $rows['by'];
$newsbody = $rows['body'];

}

if(isset($_POST['saveedit'])){

$newid = mysql_real_escape_string($_POST['saveedit']);
$newstitle = mysql_real_escape_string($_POST['title']);
$newsby  = mysql_real_escape_string($_POST['by']);
$newsbody = mysql_real_escape_string($_POST['body']);

if ($newstitle && $newsby && $newsbody){

$query = mysql_query("UPDATE news SET title='$newstitle', 'by'='$newsby', body='$newsbody' WHERE id='$newid'") or die(mysql_error());

echo "UPDATE SUCCESFULLY!";

}else
   $msg = "<font color=red>YOU DID NOT FILL ALL OF THEM IN!</font>";
}
?>
<form action='enews.php' method='POST'>
<table>
<tr>
<td></td>
<td><?php echo "$msg"; ?></td>
</tr>
<tr>
<td>Article Title</td>
<td><input type='text' name='title' size='45' value='<?php echo $newstitle; ?>'/></td>
</tr>
<tr>
<td>By:</td>
<td><input type='text' name='by' size='30' value='<?php echo $newsby; ?>' /></td>
</tr>
<tr>
<td>Article Body</td>
<td><textarea cols='45' rows='25' name='body'><?php echo  stripslashes($newsbody); ?></textarea></td>
</tr>
<tr>
<td><input type='hidden' name='saveedit' value='<?php echo $newid; ?>'/></td>
<td><input type='submit' name='updatebtn' value='Update' /></td>
</tr>
</table>
</form>
</div>

This doesn't work:
Code: [Select]
<style type="text/css" media="all">@import url(style/'.$skin.'.css);</style>
$skin is = "Sky Blue";



If $skin is = "Sky Blue";

this works:
Code: [Select]
<link rel="stylesheet" type="text/css" href="style/Sky Blue.css">
It's because @IMPORTURL, Is there a php function that wraps a &20 for a space so it works on my $skin?

echo $first$last;

how would i add a space it comes out like this

JoeJackson
i want it like this Joe Jackson

I made a form, like guestbook, and i dont wonna to write in mysql if in comment is just 1 or more spaces, no letters or numbers or chars, just space, how can i fix that?

I have a form which has a drop down menu select box, which retrives the makes of cars from a database, which once clicked submit will go to another page post that info. Then a if statment says if the variable that has been posted == a certain word that matches the one in the database then display content. However, my issue is when I have a car make such as "Land Rover" saved in the database as typed it just comes back with the final else statement.

In the 1st section I have included the form which is posting the information across and in the second I have the if statement. Any ideas of how to get around / make this work?

[
<form method="post" action="details.php" enctype="multipart/form-data">
                              <table class="search_nav">
                                 <tr>
                                    <td>
                                       <select name="manufacture" id="manufacture">
                                          <option value=" " selected="selected">Car Manufactures&nbsp;&nbsp;</option>
                                          ';
                                          $query = "SELECT DISTINCT make FROM cars ORDER BY make ASC";
                                          $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());                                             
                                          while ($row = @ mysql_fetch_array($result))
                                          {
                                              print '
                                                    <option value='.$row["make"].'>'.$row["make"].'</option>
                                                   ';
                                          }
                                       print '
                                    </select>
                                  </td>
                              </tr>
                              <tr>   
                                 <td colspan="2">
                                    <input type="image" src="images/go.gif" alt="Go" name="submit" id="submit" value="Submit"/>
                                 </td>
                              </tr>
                           </table>
                           </form>
]

[

if ($manufactures == "Land Rover")
               {
echo "test";

}
]

How can I block a text that contains only spaces?
Right now I have done

if ($body == "") {
die("<font color='red'><font size='15'><strong><center>Your post did not contain any text!");
}

But that's extremely insufficient, as any user can easily post "         "
Any ideas?

Hi,
I am trying to parse a html page, but i get a lot of empty spaces, please any idea how can i remove spaces, here is my text:
Code: [Select]
         
       
         
this          goes here

 

   
   
     








one line here

 







some other line here










see there is a lot of space between text,

thanks for any help

How do I get directory names to display with spaces. My script sticks them into arrays just fine, but when trying to echo from a checkbox selection, it only displays the first word. How would I fix this?

Code: [Select]
Address: 351 Hougang Ave 3 (769057)
Contact No: 6752 5513
Operating Hours: 8.00am - 9.30pm (Thursday to Tuesday & Public Holidays)
Background: Opened to the public on 30 Mar 88
Hi good day, if I paste the above address into one of the mysql field, I found out that I cannot fetch it using php. It give me a blank page.

Code: [Select]
Address: 351 Hougang Ave 3 (769057) Contact No: 6752 5513 Operating Hours: 8.00am - 9.30pm (Thursday to Tuesday & Public Holidays) Background: Opened to the public on 30 Mar 88

When I sort it together then i can see mysql working, very strange.. Can anyone help?