Holiday Notice: Support will be provided on a limited scale from December 24th, 2024, to January 2nd, 2025. Happy holidays and a wonderful New Year!


Topic: Php form validation

demzl25 priority asked 5 years ago


Hi, How to add to contact form server side php validation to prevent user from entering url and html tags in textarea?

Thanks.



This one should work:

if (preg_match('#^<.>.+</.>$#', $_POST['content'])) {
    echo "Content cannot contain HTML Tags!";
}

if (strpos($_POST['content'], 'http') !== false || strpos($_POST['content'], 'https://') !== false) {
    echo "Content cannot contain URL!";
}

demzl25 priority commented 5 years ago

Thanks,

I have put this line of code to my (mail.php) but is not working! Here is my (php) code.

'Prosim izpolnite zahtevana polja', 'code' => 0)); exit(); } if ($email === ''){ print json_encode(array('message' => 'Prosim izpolnite zahtevana polja', 'code' => 0)); exit(); } else { if (!filter_var($email, FILTER_VALIDATE_EMAIL)){ print json_encode(array('message' => 'Vaš e-mail vsebuje nedovoljene znake', 'code' => 0)); exit(); } } if ($phone === ''){ print json_encode(array('numeric' => 'Prosim izpolnite zahtevana polja', 'code' => 0)); exit(); } if ($message === ''){ print json_encode(array('message' => 'Prosim izpolnite zahtevana polja', 'code' => 0)); exit(); } if (preg_match('#^.+$#', $_POST['content'])) { echo "Content cannot contain HTML Tags!"; } if (strpos($_POST['content'], 'http') !== false || strpos($_POST['content'], 'https://') !== false) { echo "Content cannot contain URL!"; } $content="From: $name \nEmail: $email \nMessage: $message \nPhone: $phone"; $recipient = "info@regresija-hipnoza.si"; $mailheader = "Sporocilo: $email \r\n"; $email_subject ='Regresija-hipnoza'; // Format maila: mail(to,subject,message,headers,parameters); // ---> V primeru da pustiš nekaj praznega mail(to,'',sporocilo,header, parameter) mail($recipient,$mailheader,$content) or die("Napaka!"); header("location: https://www.regresija-hipnoza.si/zahvalna-stran.html"); exit(); ?>

Thanks.


Bartłomiej Malanowski staff commented 5 years ago

You need to replace $_POST['content'] with the real string in your code



Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue

  • ForumUser: Priority
  • Premium support: Yes
  • Technology: MDB jQuery
  • MDB Version: 4.7.3
  • Device: destop
  • Browser: chrome
  • OS: window 10
  • Provided sample code: No
  • Provided link: No
Tags