Checking strings (why won't my code work?)

Davidc316

I'm working on a form that submits info to a database. I want to check all the submitted form info for the character "<". If that character is present then I do NOT want to script to enter the record.

I've tried a very simple, piece of coding straight from the textbook, but it doesn't work. The programme is continuing to accept new records even if the submissions from the form contain a "<".

Where did I go wrong????


if (strstr($_POST[], "<")) {
print "<b>";
print "<font face='Arial'>";
print "<font color='#990000'>";
print "Could not insert record due to the submission of an illegal character.";
print "<br>";
print "Please re-enter your details and try again.";
print "<br>";
print "</b>";
print "</font>";
echo formdraw();
}

rIkLuNd

// turn all the form data into a string
$str = implode('',$_POST);
// look for the illegal character
if(strstr($str,'<'))
{
    // print the error
}

kevinsequeira

since $_POST[] is an array you cant search it as you would a string.

you would have to loop thru the array and then do a search on individual values in the array

EDIT : didnt see the above post, try that out
reg
kevin

Davidc316

I appreciate the offer, but I tried it out and the program still accepts submissions with the < character.

After your suggestion I modified the code to...


// turn all the form data into a string 
$str = implode('',$_POST); 
// look for the illegal character 
if(strstr($str,'<')) 
{ 
// print the error 
print "<b>";
print "<font face='Arial'>";
print "<font color='#990000'>";
print "Could not insert record due to the usage of an illegal character.";
print "<br>";
print "Please re-enter your details and try again.";
print "<br>";
print "</b>";
print "</font>";
echo formdraw();

kevinsequeira

try this

print_r($HTTP_POST_VARS);

$str = implode(" ",$HTTP_POST_VARS);

echo $str;

do u see any < ?

reg
kevin

rIkLuNd

// turn all the form data into a string 
$str = implode('',$_POST);  

// look for the illegal character 
if(ereg('<',$str))
{  

// print the error 
print "<b>"; 
print "<font face='Arial'>"; 
print "<font color='#990000'>"; 
print "Could not insert record due to the usage of an illegal character."; 
print "<br>"; 
print "Please re-enter your details and try again."; 
print "<br>"; 
print "</b>"; 
print "</font>"; 
echo formdraw();
}

I haven't tested this code..

Davidc316

I didn't see your post there Kevin.

I think what you're saying makes sense. The only trouble is, even if I change the code to check $_post[email] (for example), then it STILL doesn't seem to be responding to the code at all.

Never the less, I shall try to follow up on your advice and try some kind of array search.

Thanks

Davidc316

Kevin- I tried that little trick you suggestion, but it didn't print the the stuff at all.

It just continued as if the new snippit of code wasn't even there.

I'm tempted just to call this script finished. Who cares about <'s anyway???

rIkLuNd

Well, I tested the little code that I gave you on my testing server and it worked like a charm..

Davidc316

Hang on.

There's something funny going on here. Even if I type in any old mumbo jumbo, the code still runs.

I'll need to take a time out an investigate this one.

Thanks

Davidc316

Ok, I don't know what happened there, but I've had a run through it again and that second bit of coding from you, Rik is suddenly working perfectly.

I don't know how it worked, I guess I can leave that for another day.

Thanks for the help guys. I really appreciate it.

rIkLuNd

You're welcome!