Page is a not externally linkable
- Code, Content, and Presentation
-- PHP Server Side Scripting
---- preg match

neiltheblue - 8:29 am on Dec 15, 2009 (gmt 0)


thankyou for your reply. First off i have no numeric values anywhere but in saying that i would certainly like to stop these being inserted also. I inserted your section of code at the top of my script and received the following error

Warning: Wrong parameter count for preg_replace() in addmessage.php on line 32.

I will post here my exact script so that you can see what i have happening, very basic but works a treat. Would like to stop special characters being inserted and any numbers to the name field.:

<body>
<div align="center">
<img src="christmas/header.jpg">
</div>

Add your Christmas message below:
<p>

<div align="center">
<div class="board">

<?php

if ($_POST["submit"] != "")
{
$ip = $REMOTE_ADDR;
$name = $_POST["name"];
$message = $_POST["message"];
$postedDate = date("H:i:s D dS M Y");

if (!$name ¦¦ !$message ¦¦ $name == "n/a" ¦¦ $name == "N/A")
{
echo "<p><b>Please enter a valid name and message!</b></p>";
}

elseif ($ip == "" ¦¦ $ip == "")
{
echo "You are no longer authorised to post messages.";
exit();
}

elseif (preg_match ("/secret/", $name) ¦¦ preg_match ("/SECRET/", $name) ¦¦ preg_match ("/admirer/", $name) ¦¦ preg_match ("/ADMIRER/", $name) ¦¦ preg_match ("/Secret/", $name) ¦¦ preg_match ("/Admirer/", $name) ¦¦ preg_match ("/x/", $name) ¦¦ preg_match ("/0-9/",$name))
{
echo "Please use the message board properly and enter a valid name. Inappropriate use will result in a ban. ";
exit();
}

else {
$query = "insert into christmas (name,message,ip,postedDate) values ('$name', '$message', '$ip', '$postedDate')";
mysql_query($query, $connection) or die(mysql_error());
echo "<p>Thank you $name, your message has been added to the Christmas Message Board.</p><p>Click <a href=\"index.php?page=christmas/index.php\">here</a> to return to the message board.<hr /></p>";
exit();
}
}
?>

<form method="post" action="index.php?page=christmas/addmessage.php">
Your Name:<br>
<input type="text" name="name" size="40" class="input" value="<?php echo $_POST["name"]?>" ><p />
Your Message:</b><br>
<textarea name="message" rows="10" cols="42" class="input"><?php echo $_POST["message"]?></textarea><p>
<input type="submit" value="Ho Ho Ho" name="submit" class="button">
</form>

</div>
</div>

</body>

Thread source:: http://www.webmasterworld.com/php/4042650.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com