PHP - My Input Check Is Not Catching...
I did not post this in Regex because I do not believe it is a problem with the preg_match.
My input check on the username length works without any problems, however the check to make sure the user only uses a-z and whitespace does not work. I am not sure why and I am new to PHP. Should I setup the input check differently? The error code is never displayed if I input "!@*(#(!$)$@(" and it will not stop that from being submitted. Any help is GREATLY appreciated!! Code: [Select] if(strlen(trim($_POST['name'])) > 15 || strlen(trim($_POST['name'])) < 1) { $errors[] = $lang['No name']; } if(preg_match('/[^a-z]\s/i', $_POST['name'])) { $errors[] = $lang['Invalid char']; } Similar TutorialsIn the form below how do I alter the code so when someone types something into the email that is clearly not recognized an an email address it either asks the customer to recheck or fails
<tr> <td align="right"><?php echo $LANG['index_email_add']; ?> </td> <td>:</td> <td align="left"> <input name="email" type="text" id="email" required></td> </tr> <tr> <td align="right"><?php echo $LANG['index_pass'] ; ?></td> <td>:</td> <td align="left"><input name="password" type="password" required id="password"></td> </tr> <tr> <td align="right"><?php echo $LANG['postcode'] ; ?> </td> <td>:</td> <td align="left"><input class="input" id="geocomplete" type="text" placeholder="<?php echo $LANG['index_location']; ?>" name="address" required> <input name="action" type="hidden" id="action" value="joinNow" /></td> </tr>The problem I have is that any data can be added to the 3 fields and by anything even using !@#$%^&*():"{}';<>., How do I prevent those special characters from being used. When it asks for email I can enter ; When it asks for password I can enter ' and last PostCode I can enter: ] How to prevent this from happening? Thanks Code: [Select] if ($ibforums->input['display1'] == "1"){ // }else{ $std->Error2("You're being Nawty!"); } Ok, this works fine. If they submit anything other then "1" for that input it shows "you're being nawty" but I want it to beable to be anything besides 1 or 0 so I added Code: [Select] if ($ibforums->input['display1'] == "0" OR "1"){ // }else{ $std->Error2("You're being Nawty!"); } and it still let's me submit anything...... i only want my $ibforums->input['display1'] to accept 1 or 0 as a input!!!! I don't want any hackers submitting other input values for this field! any help?! Hi i would like to know what is the best way to check if a textarea or an input box is empty. Is the empty function effective? I have a register script, and I am wanting to make it so that if the username field contains, lets say "mod", "ass", and more, then it'll return an error and wont let them register. Code Gurus' Salute, Please I wanna catch this image upload exception without it bringing out this: "Warning: getimagesize() [function.getimagesize]: Filename cannot be empty in C:\xampp\htdocs", Actually, I set the image size to be 32kb abd 120x120 pix. If anything varies from the above description it would not be uploaded, but it brings out "Your picture must be a GIF, JPEG, or PNG image file no greater than 32 KB and 120x120 pixels in size." alongside with that above error. Please gents how do I implement this exception without that warning signal? So basically I have a function that grabs a daily bible scripture via an rss feed. For whatever reason, it is offline today and I was greeted with a huge paragraph of errors and the bottom part of my page not rendering. Here is the function: Code: [Select] <?php function scripture(){ function fetchXML($url) { $ch = curl_init(); $useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"; curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_USERAGENT, $useragent); //get data $data = curl_exec($ch); curl_close($ch); return $data; } define("USE_CURL", true); $url = "http://www.mybiblescripture.com/rss/bible.php?fmt=daily&trans=KJV"; //get xml doc with info $data = fetchXML($url); //create a SimpleXML object to parse the xml $char_xml = new SimpleXmlElement($data); $scripture_a=$char_xml->channel->item->description; $scripture_b=$char_xml->channel->item->title; echo $scripture_a . '<br><b>'. $scripture_b. '</b>'; } ?> And here is the nasty error I receive due to the url being offline: Code: [Select] Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /path/lbcfunc.php:21 Stack trace: #0 /path/lbcfunc.php(21): SimpleXMLElement->__construct('') #1 /path/index.php(31): scripture() #2 {main} thrown in /path/lbcfunc.php on line 21 I have 0 experience in catching exceptions and unsure where to start. I would like to try and just echo: "No Bible Scripture Found" as a friendly message instead I guess. thanks. Hello, I have domain "A" coming with a wehosting and a domain "B" , it's DNS is redirected to domain "A". Now I'm solving how to catch the url (domain name) of "B", that is redirecting to me. Is it possible throught PHP ? Thak you Hello All: Trying to work with PHP on a contact form with a jQuery Validation to make certain that the visitors fill out the required information. I'll try to show everything that I have, and then the error I am getting when the visitor hits "submit." I don't know PHP all that well, and trying to learn my way through it. I used a couple of tutorials to add the features I needed and did my own styling on the live site. Here is the PHP that is currently in the header of my markup: <?php //If the form is submitted if(isset($_POST['submit'])) { //Check to make sure that the First name field is not empty if(trim($_POST['firstname']) == '') { $hasError = true; } else { $firstname = trim($_POST['firstname']); } //Check to make sure that the Last name field is not empty if(trim($_POST['lastname']) == '') { $hasError = true; } else { $lastname = trim($_POST['lastname']); } //Check to make sure that the Street Address 01 field is not empty if(trim($_POST['street01']) == '') { $hasError = true; } else { $street01 = trim($_POST['street01']); } //If Street02 is filled out, give it a value $street02 = $_POST['street02']; //Check to make sure that the City field is not empty if(trim($_POST['city']) == '') { $hasError = true; } else { $city = trim($_POST['city']); } //Check to make sure that the State field is not empty if(trim($_POST['state']) == '') { $hasError = true; } else { $state = trim($_POST['state']); } //Check to make sure that the Zip field is not empty if(trim($_POST['zip']) == '') { $hasError = true; } else { $zip = trim($_POST['zip']); } //If Email is filled out, give it a value $email = $_POST['email']; //If Telephone is filled out, give it a value $telephone = $_POST['telephone']; //Default Subject Value $subject = "VMC Inquiry"; //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } //If Message is filled out, give it a value $comment = $_POST['comment']; //If there is no error, send the email if(!isset($hasError)) { $emailTo = 'xxxx.xxxx@gmail.com'; //Put your own email address here $body = "Name: $firstname $lastname \n\nStreet Address: $street01 \n\nStreet Address*: $street02 \n\nCity: $city \n\nState: $state \n\nZip: $zip \n\nEmail*: $email \n\nTelephone*: $telephone \n\nCheck Box: $check_msg \n\nMessage:\n $comment"; $headers = 'From: XXXXX <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email; mail($emailTo, $subject, $body, $headers); $emailSent = true; } } ?> So basically I am using classes to say whether or not something is required, which ties into the jQuery validation. If it isn't required, whatever the visitor types into the box is put into something like "$telephone" which is then printed in the e-mail. The markup for the forms in the body is the following: Code: [Select] <p class="contact-text-right">For more information, or to have a list of our properties mailed to you, please fill out the form below.</p> <div id="contact-wrapper"> <?php if(isset($hasError)) { //If errors are found ?> <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p> <?php } ?> <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> <p class="accept"><strong><?php echo $firstname;?>,Your Email Successfully Sent!</strong></p> <?php } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> <div id="names"> <label for="firstname"><strong>First Name:</strong></label> <input type="text" name="firstname" id="firstname" value="" class="required" /> <label for="lastname"><strong>Last Name:</strong></label> <input type="text" name="lastname" id="lastname" value="" class="required" /> </div> <div id="address01"> <label for="street01"><strong>Street Address:</strong></label> <input type="text" name="street01" id="street01" value="" class="required" /> </div> <div id="address02"> <label for="street02"><strong>Street Address*:</strong></label> <input type="text" name="street02" id="street02" value="" /> </div> <div id="city"> <label for="city"><strong>City:</strong></label> <input type="text" name="city" id="city" value="" class="required city" /> <label for="state"><strong>State:</strong></label> <input type="text" name="state" id="state" value="" class="required state" /> <label for="zip"><strong>Zip Code:</strong></label> <input type="text" name="zip" id="zip" value="" class="required zip" /> </div> <div id="email"> <label for="email"><strong>E-mail*:</strong></label> <input type="text" name="email" id="email" value="" class="email"/> <label for="telephone"><strong>Telephone*:</strong></label> <input type="text" name="telephone" id="telephone" value="" class="telephone" /> <p class="bottom">*Optional fields.</p> </div> <div class="checkbox"> <p><input type="checkbox" name="check[]" value="properties">XXX</p> <p><input type="checkbox" name="check[]" value="contact-regarding">XXXX</p> <p class="indent">(Please list properties or ask specific questions in the space below.)</p> </div> <div id="comment"> <label for="comment"></label> <textarea name="comment" id="comment" ></textarea> </div> <div id="button"> <input type="submit" value="Send Message" name="submit" /> </div> </form> All seems well until I hit submit on the live site. I think get this error returned to me: Warning: Invalid argument supplied for foreach() in ......./html/development/contact.php on line 64 The e-mail goes through, with all the information, no problems! I just can't get this error message to go away. Line 64 of contact.php is where the checkbox coding is: //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } I know I've submitted a lot of code here, and tried to narrow you down to the exact spot I think the problem is, but hopefully some of you PHP gurus can pick out the flaw in a heartbeat. I really appreciate all the help. B Here are my smileys: // Here you can add additional smilies if you like (please note that you must escape single quote and backslash) $smilies = array( ':)' => 'smile.gif', ';)' => 'wink.gif', ':(' => 'sad.gif', ':mellow:' => 'mellow.gif', ':(' => 'sad.gif', ':angry:' => 'mad.gif', ':cry:' => 'cry.gif', ':banana:' => 'banana.gif', ':locked:' => 'dancinglock.gif', ':hug:' => 'hug.gif', ':bonk:' => 'bangin.gif', ':love:' => 'heart2.gif', '<3' => 'heart.gif', ':blush:' => 'blush.gif', ':p' => 'tongue.png', ':lol:' => 'lol.png', ':mad:' => 'mad.png', ':rolleyes:' => 'roll.png', ':cool:' => 'cool.png');And here is the function to convert them to images using preg_replace function do_smilies($text) { global $smilies; $text = ' '.$text.' '; foreach ($smilies as $smiley_text => $smiley_img) { if (strpos($text, $smiley_text) !== false) $text = preg_replace('%(?<=[>\s])'.preg_quote($smiley_text, '%').'(?=[^\p{L}\p{N}])%um', '<img src="/img/emoticons/'.$smiley_img.'" alt="'.$smiley_text.'">', $text); } return substr($text, 1, -1); }All of them are being replaced except for '<3', why? I tried: \<3AND <\3to see if I needed to escape the left carrot (<), but still no luck. Edited by Monkuar, 10 January 2015 - 12:19 AM. I'm sure it's not much, but I'm not understanding something with custom error handlers: I've created a custom error handler, which I initially set when my page loads : set_error_handler(array ( new ErrorHandler(), 'handleError' ));
It seems to catch all internal PHP errors, such as if I: var_dump($non_existing_var); right after the set_error_handler.... Now, I have an object that throws an exception after: set_error_handler(array ( new ErrorHandler(), 'handleError' )); $locale = new \CorbeauPerdu\i18n\Locale(...); // this should throw an exception ... I thought that with an error handler set, I could 'skip' the try/catch for it, but doing so, PHP spits out in its internal log: PHP Fatal error: Uncaught CorbeauPerdu\i18n\LocaleException: ....
My error handler doesn't catch it at all before, thus my page breaks!! If I want it to go through the error handler, I have to init my Locale with a try/catch and use trigger_error() like so: set_error_handler(array ( new ErrorHandler(), 'handleError' )); try { $locale = new \CorbeauPerdu\i18n\Locale(...); // this should throw an exception } catch(Exception $e) { trigger_error($e->getMessage(), E_USER_ERROR); } ... Is this normal ? I thought one of the goals of the error_handler was to catch anything that wasn't dealt with? Thanks for your answers! I am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.
So, I have a simple file upload. I'm never saving the files, just get contents and dump the file and work with the string version.
I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input. Problem is, the user input is supposed to be valid PHP code. I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct. What kinds of things do I need to look out for? Is it possible to inject when working with strings?
My initial thought is to regex the entire file and replace key portions with known replacements. So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?) But that may be completely unnecessary processing time if I'm not in any danger, here. Thanks ahead of time for any help.
PS - as a side question -- what's the best way to verify a file is a php file? I know of getimagesize for images, but should I just check for <? to verify it's php? That seems like it would be too easy to fool -- then again, it might not matter much.
-Adam
I hope I can explain what is happening. I have created two forms in PHP. The first 'almost' works, i.e. it shows the data. But I have two problems - 1) the second pulldown menu is always empty and 2) $value from the first pulldown menu ALWAYS equals the last entry thus the last 'if' in the function subdomains ($domains) is always called (but still empty). The code may explain this better than me:
<!DOCTYPE html> <html> <body> <!-- processDomains.php is this file - it calls itself (for testing purposes so I can see what is happening) --> <form action="processDomains.php" method="post"> <?php // create the domains array (there are actually several entries in the array but I cut it down for testing) $domains = array (1 => 'Decommission', 'Migration'); echo "Select Domain:"; echo "<br>"; // Make the domain pull-down menu - this displays correctly echo '<select name="domain">'; foreach ($domains as $key => $value) { echo "<option value=\"$key\">$value</option>\n"; } echo '</select>'; // input doesn't matter what is 'submitted', always goes to last $value echo '<input type="submit" name="submit" value="Submit">'; // call function subdomains subdomains ($value); function subdomains ($domains) { // define values for each array - each array contains available choices for the subdomain pulldown menu $migration = array (1 => 'Application Migration', 'Application Patch', 'Application Upgrade'); $decommission = array (1 => 'Applications', 'Servers', 'Storage'); if ($domains === 'Migration') { echo "Select subdomain:"; echo "<br>"; // Make the Migration pull-down menu echo '<select name="migration">'; foreach ($migration as $key => $value) { echo "<option value=\"$key\">$value</option>\n"; } echo '</select>'; } else if ($domains === 'Decommission') { /* === * since 'Decommission' is the last entry in the 'Domains' pulldown list, $value ALWAYS equals * 'Decommission' and $domains equals $value. So this menu SHOULD work but is always * empty. Thus, two problems - the pulldown menu is always empty and $value isn't based * upon user input. */ echo "Select subdomain:"; // this prints so I know I'm in 'Decommission (I eliminated the echo "$domain" to show I'm always coming here)' echo "<br>"; // Make the 'Decommission' pull-down menu echo '<select name="decommission">'; foreach ($decommission as $key => $value) { echo "<option value=\"$key\">$value</option>\n"; } echo '</select>'; echo '<input type="submit" name="submit" value="Submit">' ) // end of 'if-else' } // end of function 'subdomain' ?> </form> </body> </html>Let me say thank you in advance and I appreciate the help! I know I'm doing something (or more than one thing) wrong and I hope someone can tell me what it is. Best Regards! Edited by mac_gyver, 19 January 2015 - 09:37 PM. code tags around posted code please I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012. I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field. Is there a way to do this possibly with a temporary table or something? Any ideas would be welcome. Doug Hi people, I really hope you guys can help me out today. I'm just a newbe at php and i'm having real trouble. Bassically all I want to do is have a user type in a company name in a html form. If what the user types in the form matches the company name in my php script i want the user to be sent to another page on my site. If what the user types in the form doesnt match the company name in my php script i want the user to be sent to a differnt page like an error page for example. this is my html form: Code: [Select] <form id="form1" name="form1" method="post" action="form_test.php"> <p>company name: <input type="text" name="company_name" id="company_name" /> </p> <p> <input type="submit" name="button" id="button" value="Submit" /> </p> </form> And this is the php code I'm trying to process the information on: Code: [Select] <?php $comp_name = abc; if(isset ($_POST["company_name"])){ if($_POST["company_name"] == $comp_name){ header("Location: http://www.hotmail.com"); exit(); } else{ header("Location: http://www.yahoo.com"); exit(); } } ?> The thing is i'm getting this error when i test it: Warning: Cannot modify header information - headers already sent by (output started at D:\Sites\killerphp.com\form_test.php:10) in D:\Sites\killerphp.com\form_test.php on line 17 Please can some one help me out, i'm sure this is just basic stuff but i just cant get it to work Cheers. ok so i can get this to work so i want to check if there is a video on inside my db if there is no video and nothing happens but if there is i want it to echo video Code: [Select] <?php if($video == ""){ }else{ echo "VIDEO"; } ?> Suppose i have a table with around 10 entries in which one column contains the id and the second column contains a checkbox... If a checkbox a selected and the button (below the table) is pressed then i want to delete the columns corresponding the checked checkboxes.... I am not getting how sgould i pass the get variable on the link of the button??? -Pranshu Agrawal pranshu.a.11@gmail.com Hello, I have created a little voting script for my site. The insertion code into the MySQL databse when they vote is very simple: $ipaddress = addslashes($_POST['ipaddress']); $theid = addslashes($_POST['theid']); $gamert = addslashes($_POST['gamert']); $serveron = addslashes($_POST['serveron']); $db = mysql_connect("localhost", "username", "password"); mysql_select_db("thedb",$db); mysql_query ("INSERT INTO voting (theid,ipaddress,gamert,serveron2) VALUES ('$theid','$ipaddress','$gamert','$serveron') "); Obviously I only want them to be able to vote once. What is the best way to do a check of the IPs already in the database and check against theirs before submitting? Thanks. Hello their, I'm wanting to use PHP to check to see if a username and password match a remote RDP server. The reason I ask is because I want to verify that the information the user is giving is correct. I'm looking though LDAP but I have no idea what I'm looking for. To recap, I would like to login to a RDP server and return a result based on if it completed. Thank-you for reading Paul P.S Sorry for the bad English, I seemed to forgot how to spell some words and have had to replace them with longer sentences I am unable to execute mysql_num_rows properly in this program. Code: [Select] <?php $link=mysql_connect("localhost","root",""); $db = mysql_select_db("myDB",$link); $result = mysql_query("SELECT * FROM jobs WHERE jobType=abc"); $num = mysql_num_rows($result); echo "Found $num records"; ?> error is mysql_num_rows() expects parameter 1 to be resource |