• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 271
  • Last Modified:

blocking numbers in php shoutbox

Is it possible to block numbers in php? I have little shoutbox form and now I need to blocking numbers (example phonenumber etc) so uder can't insert anything harmful or unsuitable info in my shoutbox?
It has to inset ip number to database but I want to isolate numbers from message.
Here is my action code:

<?php
require_once("config.php");
$name = $_POST['name'];
$message = $_POST['message'];
$ip = $_POST['ip'];
$mlen = strlen($message);
$maxlength = 150;
$date = date("M jS Y");
if ($_POST['submit'])  {
if ($name == "") { 
echo "<font color='#FF0000'><strong>error: username be missing</strong></font>"; 
}
else if ($message == "") { 
echo "<strong>Error: No message to be sent.</strong>"; 
}
else if ($mlen > $maxlength) { 
echo "<font color='#FF0000'><strong>error: message be missing.</strong></font>"; 
}
else {
$db = mysql_connect($dbhost,$dbuser,$dbpass); 
mysql_select_db($dbname) or die(mysql_error());
mysql_query("INSERT INTO shoutbox(name,message,date,ip) VALUES('$name','$message','$date','$ip')"); 
}
}
?>

Open in new window

0
tikkanen
Asked:
tikkanen
  • 4
  • 4
  • 2
1 Solution
 
tikkanenAuthor Commented:
I just increase the points value, I need also to isolate email addresses from message? Is that possible same time?
0
 
ncooCommented:
All numbers will be replaced with nothing.
<?php
require_once("config.php");
$name = $_POST['name'];
$message = $_POST['message'];
$message = preg_replace('/([0-9]+)/is','',$message);
$ip = $_POST['ip'];
$mlen = strlen($message);
$maxlength = 150;
$date = date("M jS Y");
if ($_POST['submit'])  {
if ($name == "") { 
echo "<font color='#FF0000'><strong>error: username be missing</strong></font>"; 
}
else if ($message == "") { 
echo "<strong>Error: No message to be sent.</strong>"; 
}
else if ($mlen > $maxlength) { 
echo "<font color='#FF0000'><strong>error: message be missing.</strong></font>"; 
}
else {
$db = mysql_connect($dbhost,$dbuser,$dbpass); 
mysql_select_db($dbname) or die(mysql_error());
mysql_query("INSERT INTO shoutbox(name,message,date,ip) VALUES('$name','$message','$date','$ip')"); 
}
}
?>

Open in new window

0
 
Ray PaseurCommented:
You might want to do this to email addresses...
<?php
 
$email_address = "Joey@MySite.com";
$redacted_email_address = str_replace('@', ' ', $email_address);
$redacted_email_address = str_replace('.', ' ', $redacted_email_address);
echo $redacted_email_address; // Joey MySite com

Open in new window

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Ray PaseurCommented:
to block numbers you can use a REGEX to replace digits 0-9 with the number sign #
<?php 
 
$message = ereg_replace("[0-9]", "#", $message);

Open in new window

0
 
Ray PaseurCommented:
Actually, go with NCOO on the numbers - preg is faster than ereg.
0
 
tikkanenAuthor Commented:
Ray_Paseur:, that looks fine, but how that remove or convert messages whitch include email addresses. I tested that and insert email in text area ($message) but it still came in database and every user see it in shoutbox.

ncoo that works, I have to splitt point if Ray make solution in this email address problem.
0
 
Ray PaseurCommented:
<quote> it still came in database </quote>

tikkanen: You should put the string replacement code somewhere after receiving the input and BEFORE putting the information into the data base.  Then you will not have email addresses in the data base.

Best of luck, ~Ray
0
 
tikkanenAuthor Commented:
I tested ypur code but I can't get it working in right way. It has to remove email addresses from message field if somebody insert email address.
In the line $message = preg_replace('/@/is','',$message); it only remove @ sign from emai laddress

Here is what I try.
$name = $_POST['name'];
$message = $_POST['message'];
$message = preg_replace('/([0-9]+)/is','',$message);
$message = preg_replace('/@/is','',$message);
 
$ip = $_POST['ip'];
$mlen = strlen($message);
$maxlength = 150;
$date = date("M jS Y");
$email_address = "Joey@MySite.com";
$redacted_email_address = str_replace('@', ' ', $message);
$redacted_email_address = str_replace('.', ' ', $message);
if ($_POST['submit'])  {
if ($name == "") { 
echo "<font color='#FF0000'><strong>error: username be missing</strong></font>"; 
}
else if ($message == "") { 
echo "<strong>Error: No message to be sent.</strong>"; 
}
else if ($mlen > $maxlength) { 
echo "<font color='#FF0000'><strong>error: message be missing.</strong></font>"; 
}
else {
$db = mysql_connect($dbhost,$dbuser,$dbpass); 
mysql_select_db($dbname) or die(mysql_error());
mysql_query("INSERT INTO shoutbox(name,message,date,ip) VALUES('$name','$message','$date','$ip')"); 
}
}
?>

Open in new window

0
 
ncooCommented:
For emails as well you could use:
<?php
require_once("config.php");
$name = $_POST['name'];
$message = $_POST['message'];
$message = preg_replace('/([0-9]+)/is','',$message);
$message = preg_replace('/([^ ]+?)@([^ ]+?).([^ ]+?)/is','',$message);
$ip = $_POST['ip'];
$mlen = strlen($message);
$maxlength = 150;
$date = date("M jS Y");
if ($_POST['submit'])  {
if ($name == "") { 
echo "<font color='#FF0000'><strong>error: username be missing</strong></font>"; 
}
else if ($message == "") { 
echo "<strong>Error: No message to be sent.</strong>"; 
}
else if ($mlen > $maxlength) { 
echo "<font color='#FF0000'><strong>error: message be missing.</strong></font>"; 
}
else {
$db = mysql_connect($dbhost,$dbuser,$dbpass); 
mysql_select_db($dbname) or die(mysql_error());
mysql_query("INSERT INTO shoutbox(name,message,date,ip) VALUES('$name','$message','$date','$ip')"); 
}
}
?>

Open in new window

0
 
tikkanenAuthor Commented:
Thanks!! Both solutions works nice!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now