
Preventing links in form submissions through php.

Community Expert, Aug 06, 2009

I've been working on this for several days and haven't found an easy solution. I've created a simple question and answer form that uses PHP to load up a Subject and comment field. The comment field is very similar to the form I'm using to fill out this question. It's a simple Text Area box, the Subject is a simple Text Field box. Both are required and add to a MySQL database table that has an id, subject and comments table setup.

Now that I've got it up, I'd like to prevent folks from adding links and scripts to both fields. I just want plain text, no <a href"my good stuff.com"> or malicious scripts. There's got to be a simple way of looking at the text in the fields, discovering < or >, and then just redirecting them to an error page that says you can't post code here...

I've written code that validates e-mail addresses, but I can't seem to get a handle on looking for and failing any post that attempts to add a link.

Thanks for the help.

TOPICS: Server side applications

Views: 600

LEGEND, Aug 06, 2009

There are several techniques. Best if you read about cross-site scripting. Just search for 'php xss validation' for many examples. Here's a good article.

http://www.owasp.org/index.php/Top_10_2007-A1#Protection

Community Expert, Aug 07, 2009

Thanks for the link. I've looked at lots of articles like that. I don't want to sanitize, I want to prevent. Shouldn't the code be as simple as

  $comments = $_REQUEST['comments'];

  // if the comment contains anything that looks like code or a link, such as <a href =
  if (preg_match('/[<>]/', $comments)) {
      header('Location: error.php'); // go to the error page
      exit;
  }
  // else post the comment to the database

Obviously this isn't code, it's the idea. I have code that checks for valid e-mail addresses. Sometimes I do that with Spry, sometimes with PHP validation.

Come to think of it, a Spry validation script that checked for malicious code would be a very elegant solution. If anyone has any ideas, please let me know. Preventing this kind of problem should be easier than loading up something like htmlpurifier 4.0 (a ton of code) that, as far as I can tell, sanitizes the code, which I don't want, rather than simply preventing html or java special characters from being added to the text.

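The "reject, don't sanitize" approach the poster is asking for, written out as a complete PHP handler. This is an added example and not code from the thread, from Adobe or from Spry; it assumes the field names `subject` and `comments` from the first post, an `error.php` page, a table named `posts`, and a PDO connection string, all of which are placeholders.

```php
<?php
// Added example (not from the thread): refuse a form submission outright when
// either field contains markup, as the poster asked, rather than cleaning it.
// 'subject' and 'comments' are the thread's field names; error.php, the
// 'posts' table and the PDO DSN/credentials are assumptions.

declare(strict_types=1);

/**
 * Return true when $text contains anything that looks like HTML or script.
 * Entities are decoded first so "&lt;script&gt;" is caught as well as
 * "<script>"; a null byte is rejected because some parsers stop at it.
 */
function contains_markup(string $text): bool
{
    if (strpos($text, "\0") !== false) {
        return true;
    }
    $decoded = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_match('/[<>]/', $decoded) === 1;
}

/**
 * Validate both required fields. Returns an empty array when the post is
 * acceptable, otherwise a list of human-readable reasons for rejecting it.
 */
function validate_post(array $input): array
{
    $errors = [];
    foreach (['subject', 'comments'] as $field) {
        $value = trim((string) ($input[$field] ?? ''));
        if ($value === '') {
            $errors[] = "$field is required";
        } elseif (contains_markup($value)) {
            $errors[] = "$field must be plain text (no < or >)";
        }
    }
    return $errors;
}

// Request handling: only runs when the form was actually posted.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validate_post($_POST);
    if ($errors !== []) {
        // The poster's "GoTo error page": redirect, stop, store nothing.
        header('Location: error.php?reason=' . rawurlencode(implode('; ', $errors)));
        exit;
    }

    // Store with a prepared statement (assumed DSN, credentials and table name).
    $pdo = new PDO(
        'mysql:host=localhost;dbname=qa;charset=utf8mb4',
        'dbuser',
        'dbpass',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    $stmt = $pdo->prepare('INSERT INTO posts (subject, comments) VALUES (?, ?)');
    $stmt->execute([$_POST['subject'], $_POST['comments']]);

    // Rejecting markup on input does not replace escaping on output: anything
    // read back from the table is still passed through htmlspecialchars()
    // before it is echoed, which is the point of the OWASP link in the thread.
    echo '<p>Posted: ' . htmlspecialchars($_POST['subject'], ENT_QUOTES, 'UTF-8') . '</p>';
}
```

The validation lives in two plain functions so it can be unit-tested without a web server; `contains_markup('plain text')` returns false, while `contains_markup('<a href="x">')` and `contains_markup('&lt;script&gt;')` both return true. Blocking `<` and `>` is exactly the rule the poster proposed, and it also rejects legitimate text such as "a < b", which is the trade-off of preventing rather than sanitizing.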