DssjOker
Help with validation
Hello,
I am trying to create my own form submission handler that emails requests from a website. I am having trouble stripping special characters (such as /.%;'\) from the textbox at the end of my form. Should I be using the ereg(i) or str_replace? Although this script does not post to a db, I would like its data db ready just in case I ever need it to.
Thanks!
DssjOker
=====================================================
Code:
<?
//Post vars, I just like to do this
$company = $_POST['company'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$question = $_POST['question'];
$company = stripslashes($company);
$fname = stripslashes($fname);
$lname = stripslashes($lname);
$address = stripslashes($address);
$city = stripslashes($city);
$state = stripslashes($state);
$zip = stripslashes($zip);
$phone = stripslashes($phone);
$email = stripslashes($email);
$question = stripslashes($question);
//I bummed this snippet with some mods, it looks good though
function check_email($str)
{
if(eregi("[-a-z0-9_]+[-a-z0-9_.]*@[-a-z0-9_]+.[-a-z0-9_.]+$",$str))
return 1;
else
return 0;
}
//required fields
if((!$fname) || (!$lname) || (!$email) || (!$question))
{
//Error posts on contact-missing page
$error = "Please enter information into all the required fields.";
header("Location: contact-missing.php");
exit();
}
if(!check_email($email))
{
$error = "Email address format incorrect, please enter a valid email address.";
header("Location: contact-missing.php");
exit();
}
//Hopefully getting rid of some unwanted characters
$company = eregi_replace("[^a-z]+", "", $company);
$fname = eregi_replace("[^a-z]+", "", $fname);
$lname = eregi_replace("[^a-z]+", "", $lname);
$city = eregi_replace("[^a-z]+", "", $city);
$state = eregi_replace("[^a-z]+", "", $state);
$zip = eregi_replace("[^0-9]+", "", $zip);
$phone = eregi_replace("[^0-9]+", "", $phone);
//Last ditch try at replacing did not work
$patterns = "/%';\"\./";
$replace = "";
$question = preg_replace($patterns, $replace, $question);
$subject = "Website Submission Question/Info";
$message = "You have a question/problem waiting.
Company: $company
Full name: $fname, $lname
Address: $address
City, State, Zip: $city, $state, $zip
Phone: $phone
Email: $email
============================
Question/Problem: $question";
$form_receipient = "youremail@domain.com";
mail($form_receipient, $subject, $message, "From: Website Contact Form<yourdomain@domain.com>\nX-Mailer: PHP/" . phpversion());
header("Location: confirm.html");
?>
Any additions, comments, errors noticed are welcome!
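Added example, not part of the original post: the "last ditch" pattern above has no character class, so it only matches the exact sequence %';". and never the individual characters. The function names other than check_email and the sample input are assumptions made for illustration.

```php
<?php
// Added example. The sample input is constructed.

// Removes any single occurrence of the characters listed in the post: / . % ; ' " \
// '~' is the delimiter so '/' needs no escaping; '\\\\' is one literal backslash.
function strip_listed(string $text): string
{
    return preg_replace('~[/.%;\'"\\\\]~', '', $text) ?? '';
}

// Allow-list alternative: keep letters, digits, whitespace and , ? ! - only.
// With the /u flag preg_replace() returns null on invalid UTF-8, hence the ?? ''.
function keep_allowed(string $text): string
{
    return preg_replace('/[^\p{L}\p{N}\s,?!-]/u', '', $text) ?? '';
}

// E-mail check without ereg/eregi (both removed in PHP 7).
function check_email(string $str): bool
{
    return filter_var($str, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample for the $question textbox.
$question = "Is 50% off; valid at shop/a.b 'today' or \"later\"? C:\\temp";

// Pattern exactly as posted: no [ ], so it matches only the literal run %';".
$posted = "/%';\"\./";

echo "posted pattern : ", preg_replace($posted, '', $question), "\n";
echo "character class: ", strip_listed($question), "\n";
echo "allow-list     : ", keep_allowed($question), "\n";
var_dump(check_email('user@example.com'), check_email('user@@example'));
```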
far too complicated, IMHO
ASKER
Suggestions then? And what about the stripping of special characters from a text box?
The script needs to be thorough, so the info is db ready, not just checking if the information is there or not. It will get even more intelligent (common repetitive letters) as weeks go, but I just learned this stuff a couple of months ago, I'm a c+ guy, so be @#^@# nice!
Also working on a pure PHP/mysql shopping cart with html based input, but I will post on that in a few days after I have them done.
ASKER CERTIFIED SOLUTION
ASKER
I tried that above, got a parse error at first but took care of that, it still would not remove special characters from the $question var.
Do I need to step through the $question array ($question[$i]) for each value?
ASKER
I just read that strings do not need to be checked for validation as they can't affect anything? Is this true or did I read this wrong?
Found this:
# if field type is a string, no need to check regexp:
if ($field_type == "string") {
$field_ok = true;
} else {
# Check the field data against the regexp pattern:
$field_ok = ereg($data_types[$field_type], $field_data);
}
from: http://www.ca-osi.com/article.php?sid=279
that was the meaning of what I wrote above 8-)
But in fact, strings may "affect" something: your database's contents (if any). And your HTML layout (if you had not taken care of this and did stupidly print all strings entered by the user ;-) but nothing else.
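Added example, not from the thread: the two contexts named in the reply above, handled per context instead of by stripping characters. It assumes the pdo_sqlite extension; the table name, column names and sample input are hypothetical.

```php
<?php
// Added example. Table/column names are hypothetical; the input is constructed.
$email    = 'user@example.com';
$question = "O'Brien asks: is 5 < 6 & \"quoted\"? <b>bold</b>; 100%";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');

// Database context: the text travels as a bound parameter, never as part of
// the SQL string, so quotes, semicolons and percent signs are stored as data.
$stmt = $db->prepare('INSERT INTO questions (email, body) VALUES (:email, :body)');
$stmt->execute([':email' => $email, ':body' => $question]);

$row = $db->query('SELECT body FROM questions WHERE id = 1')->fetch(PDO::FETCH_ASSOC);

// The stored value is byte-for-byte what the user typed.
var_dump($row['body'] === $question);

// HTML context: encode at output time so markup in the text is displayed,
// not interpreted by the browser.
function html_out(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo '<p>', html_out($row['body']), "</p>\n";

// Plain-text mail body: the stored text can be used unchanged, as long as
// user input stays out of the header argument, as in the posted script.
$message = "Question/Problem: " . $row['body'];
echo $message, "\n";
```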
ASKER
Well, I figured out how to simply parse the string for key words that may be destructive. If any one of you would like a few points for looking at it, I will post a new question to give you some points for.
I (and many others I guess) already have this kind of 'cleaner' function to strip ***some*** html and all jscript from postings (I run a discussion forum)
there are multiple ways to do this.
personally, I never succeeded in using strip_tags() and more important some str_replace won't work.
ASKER
would like to delete this question, was able to finally write my own cleaning function, would like to post 20 points to both VGR and AlexWer for their input when question is closed
Dear DssjOker
I've refunded 80 points to enable you to accept the comment for one expert and to post a
"Points for <expertname>" Q for the other expert in the same topic area.
Please:
1) Post the link to the original Q in the "Points for <expertname>" and
2) Add in the original Q a comment with the link to the "Points for <expertname>", thus the email notif will warn the expert.
modulo
Community Support Moderator
Experts Exchange