sparkx, posted May 23, 2007 (edited)

Ok, as you all know by now I have been working on a php based game to help me learn php. It has been going great and it is almost done. I got some very good help on issues here, along with sites like php.net. However I am stuck and cannot find a solution to a problem anywhere.

My Problem: I want users to join but I don't want some characters to be in their name (example: I don't want < so the name '<Test' would come back as an error). Anyway, I see a lot of sites that check for this and I know you can check for it in javascript, but I want to use php to do it because php is more secure. I have tried lots of things like strstr etc. and they don't seem to work with what I want. Another variable that comes into play is that I want it to check an array. Here is an example.

Disallowed Characters: <, >, ', "

I would array it like:

    $string = array(<, >, ', ");

This for some reason does not work for:

    if(strpos($name, $string)){
    //error stuff here
    exit();
    }

Do you get what I am saying, anyone? This simply ensures that no one adds html etc. to their name.

Thanks for the help,
Sparkx

Edited May 23, 2007 by sparkx

miCRoSCoPiC^eaRthLinG, posted May 24, 2007

Shouldn't the values you're inserting into an array be enclosed in single/double quotes? For example, shouldn't this line...

    $string = array(<, >, ', ");

be written like this?

    $string = array("<", ">", "'", "\"");

... but I may be mistaken.

However, keep in mind that strpos will return an INTEGER indicating the location of the first encountered "needle" in the "haystack". Dunno if an if{} statement can interpret an if(strpos()) correctly. What I know is that, when the search string isn't found, strpos() will return a boolean false. Maybe if you invert the code-logic, it'll work. Example:

    if( strpos($name, $string) === false ){
        // Do nothing
    } else {
        // error stuff
    }

Note that a boolean comparison is done using THREE '=' signs as compared to other types of equivalence match, where TWO '=' signs are used. Otherwise I see no problem with your logic. It should work out fine.

On a side-note, why do you want PHP to validate the character's name? Think of it this way: if you use PHP, it'll involve an extra client >> server >> client data transmission cycle before the user gets to know about the problems in the name. In comparison, if you use JavaScript for validation, the name is checked in situ, i.e. right inside your browser, and the page is never submitted to the server till the user has got it all right. From the point of efficiency, this is a far better approach as it uses your local CPU to perform these mundane tasks rather than putting some extra load on the server.

sparkx, posted May 24, 2007

That is true about the server, however what if they turn off php? Here are some ideas I have but I am not sure if they will work effectively. Would you look them over?

A: Put both, so if the javascript works then the php checks. This will prevent people from copying my page, editing my javascript and resubmitting, or even turning off javascript, period.

B: Is there a way to check what url a form came from? I could check the url and make sure it is my url, ensuring that the above doesn't happen.

C: I was wondering whether, rather than stopping some characters, I should only allow others like A-Z, a-z and a few others like _. That would be easier than just finding all the characters that do not work.

If you know how I could do any of the above or if you have other ideas please post them. Everything is welcome and appreciated.

Thanks,
Sparkx

Quatrux, posted May 25, 2007

If you only want to allow A-Z, a-z, 0-9 in the username, then you can make a check using a regular expression. You really will find examples in the php.net comments of such functions like preg_replace() and preg_match(). Another way to do it is by using ctype, here: http://lt.php.net/ctype. Just check what you want to filter.

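
An added example, not part of the thread: a server-side allowlist check of the kind suggested in the post above, next to the character denylist from the first post with strpos() applied to one character at a time. The function names, the 3 to 20 length limit and the underscore are assumptions.

```php
<?php
// Added example: server-side username checks (allowlist and denylist).
// The length limits and the underscore are assumptions, not from the thread.

/** Returns null when $name is acceptable, otherwise a short error message. */
function validate_username($name): ?string
{
    // Form fields can arrive as arrays (name[]=x); accept only strings.
    if (!is_string($name)) {
        return 'Name must be text.';
    }
    // \A and \z anchor the whole string; a bare $ would also accept "Test\n".
    if (preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) !== 1) {
        return 'Name may only contain A-Z, a-z, 0-9 and _ (3 to 20 characters).';
    }
    return null;
}

/**
 * The denylist idea from the first post: strpos() takes one string needle,
 * so each character is tested in turn, and the result is compared with
 * !== false because a match at position 0 is the integer 0.
 */
function contains_disallowed(string $name, array $disallowed = ['<', '>', "'", '"']): bool
{
    foreach ($disallowed as $char) {
        if (strpos($name, $char) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs.
foreach (['Sparkx_01', '<Test', "Test\n", 'ab', ['x']] as $sample) {
    $error = validate_username($sample);
    $denied = is_string($sample) && contains_disallowed($sample);
    echo json_encode($sample), ' => ', $error ?? 'ok',
        $denied ? ' (denylisted character)' : '', "\n";
}

// Validation limits what is stored; escape on output wherever a name is displayed.
echo htmlspecialchars('<Test', ENT_QUOTES, 'UTF-8'), "\n";
```
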
miCRoSCoPiC^eaRthLinG, posted May 25, 2007

I have a script (JS) that allows you to effectively filter out keystrokes, i.e. if you allow only { A-Z, a-z, 0-9 }, the input field will not accept any keystrokes other than those... that might help you somewhat. If you need it let me know and I'll post it here.

sparkx, posted May 28, 2007

Thank you both for the help. Right now I am using both. First javascript, but if the person has javascript disabled then it uses php to check it. I can't remember the exact code offhand but it was something like this:

    if(preg_match(...

Well, anyway, it worked. Thanks Quatrux.

I just want to ask one quick question before this topic gets closed. Is it possible to check where a form came from? I am not using it as a "Secure" way to check (because I know you can edit and run the source of a page quite easily) but rather as a log, to see if any websites are submitting forms to my php. If there is a way, could you link me to the code or tell me the function at least?

Thank you very much for the help. I am getting more and more of this php stuff down,
Sparkx
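
An added example, not part of the thread: one way to log where a form submission came from, using the Origin and Referer request headers that PHP exposes in $_SERVER. The function names and the host name game.example are assumptions; the headers are set by the client and may be missing or forged, so the result is suitable for logging only.

```php
<?php
// Added example: record which site a form was submitted from (log use only).

/** Classifies a request as 'same-site', 'cross-site' or 'unknown'. */
function classify_form_source(array $server, string $ownHost): array
{
    // Try Origin first, then Referer; either may be absent or unparsable.
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $key) {
        $value = $server[$key] ?? '';
        $host = is_string($value) ? parse_url($value, PHP_URL_HOST) : null;
        if (!is_string($host) || $host === '') {
            continue;
        }
        // Keep only host-name characters so a crafted header cannot put
        // line breaks or other control characters into the log file.
        $host = strtolower(preg_replace('/[^A-Za-z0-9.\-]/', '', $host));
        $same = ($host === strtolower($ownHost));
        return ['source' => $same ? 'same-site' : 'cross-site', 'host' => $host];
    }
    return ['source' => 'unknown', 'host' => '-'];
}

/** Writes one log line per submission and returns it. */
function log_form_source(array $server, string $ownHost): string
{
    $info = classify_form_source($server, $ownHost);
    $line = sprintf(
        'form-source=%s host=%s ip=%s',
        $info['source'],
        $info['host'],
        $server['REMOTE_ADDR'] ?? '-'
    );
    error_log($line);
    return $line;
}

// Constructed sample requests; in a real handler pass $_SERVER instead.
$requests = [
    ['HTTP_REFERER' => 'https://game.example/join.php', 'REMOTE_ADDR' => '192.0.2.10'],
    ['HTTP_ORIGIN' => 'null', 'HTTP_REFERER' => 'http://other.example/copy.html',
     'REMOTE_ADDR' => '192.0.2.11'],
    ['REMOTE_ADDR' => '192.0.2.12'],
];
foreach ($requests as $request) {
    echo log_form_source($request, 'game.example'), "\n";
}
```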