Help with PHP

Discussion in 'Computers, Games, Electronics etc' started by CRX-YEM, Feb 20, 2007.

  1. CRX-YEM

    CRX-YEM Super Moderator Moderator VIP

    Messages:
    4,623
    Likes Received:
    54
    Joined:
    Sep 29, 2002
    Location:
    Wallingford, CT
    Say I'd like to check that the info entered on a form
    Code:
    <td width="30%"><p class="bodytext" align="right"> Approx. Quantity: </p></td>
    <td width="70%" valign="top"><input type="text" name="qty" maxlength="7" class="input">
    
    was only a number. Would this do the job?

    Code:
      <?php
    // $qty is the value of the form field above. ereg() works on POSIX patterns and
    // does not understand \d, so the pattern is handed to preg_match() instead.
    $qty = isset($_POST['qty']) ? trim($_POST['qty']) : '';
    if (preg_match('/(^\d*\.?\d*[1-9]+\d*$)|(^[1-9]+\d*\.\d*$)/', $qty)) {
    
    echo true;
    
    } else {
    
     echo '<p class="bodytext">Error!</p><p class="bodytext">Your message has not been sent. Please use your browser\'s refresh button to re-post the form data and try again. If this problem persists, please contact Webmaster<br>Thanks, <br></p>';
    }
    
    ?>
    
    if it's true just continue, false provide error message
     
  2. pissedoffsol

    pissedoffsol RETIRED

    Messages:
    49,693
    Likes Received:
    53
    Joined:
    Sep 28, 2002
    Location:
    Retirement Home
    absolutely overkill on the reg ex.

    all you need is to check for digits \d and length {0,7}
    so

    ^\d{0,7}$

    and echo true won't get you very far :p
     
  3. CRX-YEM

    CRX-YEM Super Moderator Moderator VIP

    But what if there are commas and periods? It wouldn't pass the reg ex you've proposed.
     
  4. pissedoffsol

    pissedoffsol RETIRED

    qty's shouldn't have those figures in them at all... I'd run an ereg_replace on the ,'s and .'s before going to this function.
     
  5. CRX-YEM

    CRX-YEM Super Moderator Moderator VIP

    Well, if you ask someone for a quantity it's possible for someone to enter 1,000 as a quantity, or 1.0.
    But yeah, an ereg_replace would solve the problem and make the reg ex simpler.
     
  6. CRX-YEM

    CRX-YEM Super Moderator Moderator VIP

    For those that might need a PHP mailing script that you don't want spammers to exploit, well, this should do the trick. And FYI, this is the script that is now running on our site, and it pretty much catches all the header injection exploits I could think of.

    Code:
    <?php
    // Strip HTML tags, backslashes and surrounding whitespace from a submitted value.
    function clean($data) {
        $data = trim(stripslashes(strip_tags($data)));
        return $data;
    }
    // Strings that only turn up in header-injection or script-injection attempts.
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload)/i";
    $c = array();
    foreach ($_POST as $key => $val) {
        $c[$key] = clean($val);
    
        if (preg_match($exploits, $val)) {
            exit("<p>No exploits, please!</p>");
        }
    }
    // Optional fields: make sure they exist so the message body below never reads an unset key.
    foreach (array('addr2', 'fax', 'qty') as $opt) {
        if (!isset($c[$opt])) {
            $c[$opt] = '';
        }
    }
    // Part number: from the hidden field on a re-post, otherwise from the ?id= link that opened the form.
    $id = isset($c['id']) ? $c['id'] : (isset($_GET['id']) ? clean($_GET['id']) : '');
    
    $show_form = true;
    $error_msg = NULL;
    
    
    if (isset($c['submit'])) {
        if (empty($c['name']) || empty($c['company']) || empty($c['addr1']) || empty($c['city']) || empty($c['state']) || empty($c['zip']) || empty($c['phone']) || empty($c['email']) || empty($c['id']) || empty($c['features'])) {
            $error_msg .= "Your message cannot be sent without including the basic contact information. Please use your browser's back button to return and fill out the form completely. \n";
        } elseif (strlen($c['name']) > 40) {
            $error_msg .= "The name field is limited to 40 characters. Your first name or nickname will do! \n";
        } elseif (!ereg("^[A-Za-z' -]", $c['name'])) {
            $error_msg .= "The name field must not contain special characters. \n";
        } elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['email']))) {
            $error_msg .= "That is not a valid e-mail address. \n";
        }
    
        if ($error_msg == NULL) {
            $show_form = false;
    
            $subject = "  YOUR_SUBJECT HERE";
    
            // Every value comes from the cleaned $c array, not from register_globals-style
            // $name, $company, ... variables, which are never defined in this script.
            $message  = "This Message was sent from the Customize Part Form:\r\n\r\n";
            $message .= "-----------------------Custom Part Request---------------\r\n";
            $message .= "                   Name: ". $c['name'] ."\n";
            $message .= "                Company: ". $c['company'] ."\n";
            $message .= "               Address1: ". $c['addr1'] ."\n";
            $message .= "               Address2: ". $c['addr2'] ."\n";
            $message .= "                   City: ". $c['city'] ."\n";
            $message .= "                  State: ". $c['state'] ."\n";
            $message .= "                    Zip: ". $c['zip'] ."\n";
            $message .= "                  Phone: ". $c['phone'] ."\n";
            $message .= "                 E-mail: ". $c['email'] ."\n";
            $message .= "                    Fax: ". $c['fax'] ."\r\n";
            $message .= "----------------------Switch Configuration--------------\r\n";
            $message .= "               Part Num: ". $c['id'] ."\n";
            $message .= "                    Qty: ". $c['qty'] ."\n";
            $message .= "               Features: ". $c['features'] ."\r\n";
    
    
            $message .= "----------------------User Agent Details-----------------\r\n";
            $message .= "             IP Address: {$_SERVER['REMOTE_ADDR']} \n";
            $message .= "                Browser: {$_SERVER['HTTP_USER_AGENT']} \n";
            $message .= "---------------------------------------------------------\r\n";
    
            // Reply-To is the only header built from user input; the e-mail regex above
            // rejects anything that is not a single address, so no extra header lines get in.
            if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
                $headers   = "From: YOUREMAIL@DOMAIN.COM \n";
                $headers  .= "Reply-To: {$c['email']}";
            } else {
                $headers   = "From: www.YOURWEBSITEHERE.COM <YOUREMAIL@DOMAIN.COM> \n";
                $headers  .= "Reply-To: {$c['email']}";
            }
    
            $sendto = "YOUREMAIL@DOMAIN.COM";
    
            if (mail($sendto,$subject,$message,$headers)) {
                echo ' <table width="100%" border="0" cellspacing="0" cellpadding="5">
                 <tr>
                  <td><p class="bodytext">Thank You! </p>
                <p class="bodytext">Your message has been sent. We will review your requirements 
                    for your part and return your message as soon as possible. Thank you for 
                    your time and have a great day! </p>
                      <p class="bodytext"><a href="../index.htm">Back to home page </a></p></td>
                  </tr>
                </table>';
            } else {
                echo "<p>Your mail could not be sent this time.</p>";
            }
        }
    }
    if (!isset($c['submit']) || $show_form == true) {
        // Echo a previously posted value back into the form, HTML-escaped so a quote
        // in the input cannot break out of the value="" attribute.
        function get_data($var) {
            global $c;
            if (isset($c[$var])) {
                echo htmlspecialchars($c[$var]);
            }
        }
    
        if ($error_msg != NULL) {
            echo "<p><strong style='color: red;'>ERROR:</strong><br />";
            echo nl2br($error_msg) . "</p>";
        }
    ?>
        <br><p class="bodytext" align="center">Customize Your Part </p>
            <form action="customizer.php" method="post"><p>
    
            <table border="0" cellpadding="2" cellspacing="0" width="100%" align="center">
                                  <tr>
                                    <td width="30%" valign="top"><p class="bodytext" align="right"> Part Number: </p></td>
                                    <td width="70%" valign="top"><p class="bodytext">
                                        <?php echo htmlspecialchars($id); ?>
                                      </p></td>
                                  </tr>
                                  <tr>
                                    <td width="30%" valign="top"><p class="bodytext" align="right"> Required Features: </p></td>
                                    <td width="70%" valign="top"><textarea name="features" cols="40" rows="7" id="features"><?php get_data("features"); ?> </textarea>
                                    </td>
                                  </tr>
                                  <tr>
                                    <td width="30%"><p class="bodytext" align="right"> Approx. Quantity: </p></td>
                                    <td width="70%" valign="top"><input type="text" name="qty" size="15" id="qty" value="<?php get_data("qty"); ?>" class="input">
                                    </td>
                                  </tr>
                                  <tr>
                                    <td colspan="2" valign="top"><p class="bodytext" align="center"> <br>
                                        Please fill out the contact information below as completely as possible. <br>
                                        Doing so enables us to contact you about your specific needs on a product <br>
                                        and allows us to better serve you, the customer. <br>
                                        <font color="#FF0000">*</font> Fields are required. </p></td>
                                  </tr>
                                  <tr>
                                    <td colspan="2" align="center"><img src="../images/hrule.gif" width="450"> </td>
                                  </tr>
                                  <tr>
                                    <td colspan="2" align="center"><table border="0" align="center">
                                        <tr>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>Contact:</p></td>
                                          <td width="25%"><input type="text" name="name" size="15" id="name" value="<?php get_data("name"); ?>" class="input"></td>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>Company:</p></td>
                                          <td width="25%"><input type="text" name="company" size="15" id="company" value="<?php get_data("company"); ?>" class="input"></td>
                                        </tr>
                                        <tr>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>Addr1:</p></td>
                                          <td width="25%"><input type="text" name="addr1" size="15" id="addr1" value="<?php get_data("addr1"); ?>" class="input"></td>
                                          <td width="25%" align="right"><p class="bodytext">Addr2:</p></td>
                                          <td width="25%"><input type="text" name="addr2" size="15" id="addr2" value="<?php get_data("addr2"); ?>" class="input"></td>
                                        </tr>
                                        <tr>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>City:</p></td>
                                          <td width="25%"><input type="text" name="city" size="15" id="city" value="<?php get_data("city"); ?>" class="input"></td>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>State:</p></td>
                                          <td width="25%"><input type="text" name="state" size="15" id="state" value="<?php get_data("state"); ?>" class="input"></td>
                                        </tr>
                                        <tr>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>Zip:</p></td>
                                          <td width="25%"><input type="text" name="zip" size="15" id="zip" value="<?php get_data("zip"); ?>" class="input"></td>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>Phone:</p></td>
                                          <td width="25%"><input type="text" name="phone" size="15" id="phone" value="<?php get_data("phone"); ?>" class="input"></td>
                                        </tr>
                                        <tr>
                                          <td width="25%" align="right"><p class="bodytext"><font color="#FF0000">*</font>EMail:</p></td>
                                          <td width="25%"><input type="text" name="email" size="15" id="email" value="<?php get_data("email"); ?>" class="input"></td>
                                          <td width="25%" align="right"><p class="bodytext">Fax:</p></td>
                                          <td width="25%"><input type="text" name="fax" size="15" id="fax" value="<?php get_data("fax"); ?>" class="input"></td>
                                        </tr>
                                        <tr>
                                          <td colspan="4" align="center"><input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>">
                                            <input class="input" type="submit" name="submit" value="Submit">
                                          </td>
                                        </tr>
                                      </table></td>
                                  </tr>
                                  <tr>
                                    <td>&nbsp;</td>
                                  </tr>
                                </table>
                         </p></form>
    <?php
    }
    ?>
    
     
  7. pissedoffsol

    pissedoffsol RETIRED

    Code:
    } elseif (!ereg("^[A-Za-z' -]", $c['name'])) {
    
    should be:

    Code:
        } elseif (!ereg("^[A-Za-z' -]{0,40}$", $c['name'])) {
    
    otherwise, you are only going to test the first character of the name field.

    b2ob will pass through as you have it.
     
  8. pissedoffsol

    pissedoffsol RETIRED

    or even 1,40, to require one digit at the least...
     
  9. pissedoffsol

    pissedoffsol RETIRED

    even better might be something like this:

    ^[a-zA-Z]*\.?[a-zA-Z]+$

    That means it must start and end with a letter, but anything else in between. Maybe throw the ' and \s for spaces in the middle along with a-zA-Z.

    reg ex'es suck :D
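An added example, not code from the thread, that pulls the points above into one validation routine: the quantity check from posts 1-5 (strip commas, then `^\d{1,7}$`), the anchored name pattern from posts 7-9, and a line-break check for the header-injection concern in post 6. The function name, error strings and sample inputs are my own, and it uses preg_match() because ereg() is gone from modern PHP.

```php
<?php
// Added example, not from the thread: validate one contact-form submission.
function validate_contact_post(array $post): array {
    $errors = array();
    foreach (array('name', 'email', 'qty') as $f) {
        $post[$f] = isset($post[$f]) ? trim((string) $post[$f]) : '';
    }

    // A CR or LF in a value that ends up in a mail header (From, Reply-To,
    // Subject) lets extra header lines be appended. Rejecting the raw line
    // break catches that without a blacklist of header names.
    foreach (array('name', 'email') as $f) {
        if (preg_match('/[\r\n]/', $post[$f])) {
            $errors[$f] = 'line break not allowed';
        }
    }

    // Quantity: drop thousands separators first (post 4), then require 1 to 7
    // digits (post 2). "1.0" still fails: a quantity is a whole number.
    $qty = str_replace(',', '', $post['qty']);
    if (!preg_match('/^\d{1,7}$/', $qty)) {
        $errors['qty'] = 'quantity must be 1-7 digits';
    }

    // Name: anchored at both ends so the whole value is tested rather than
    // only the first character (post 7); letters, apostrophe, space, hyphen.
    if (!isset($errors['name']) && !preg_match("/^[A-Za-z' -]{1,40}$/", $post['name'])) {
        $errors['name'] = 'name may only contain letters, spaces, apostrophes or hyphens (1-40)';
    }

    // E-mail: PHP's built-in validator; together with the newline check above
    // it keeps Reply-To a single header line.
    if (!isset($errors['email']) && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'invalid e-mail address';
    }
    return $errors;
}

// Constructed sample submissions (not real form data).
$cases = array(
    'good'      => array('name' => "Mary O'Brien", 'email' => 'mary@example.com', 'qty' => '1,000'),
    'injection' => array('name' => 'Bob', 'email' => "bob@example.com\r\nBcc: x@example.com", 'qty' => '5'),
    'bad input' => array('name' => 'b2ob', 'email' => 'bob@example.com', 'qty' => '1.0'),
);
foreach ($cases as $label => $input) {
    $e = validate_contact_post($input);
    printf("%-10s %s\n", $label, $e ? implode('; ', $e) : 'OK');
}
```

The first case passes, the second is rejected on the line break alone, and the third reports both the name and the quantity.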
     
  10. CRX-YEM

    CRX-YEM Super Moderator Moderator VIP

    I agree, reg ex's suck,
    and a number getting in a name field isn't really a problem; I was really just after locking down the script from exploits and abuse.
     
    Last edited: Feb 22, 2007