开发者

Not allow a href tags in form textarea

开发者 https://www.devze.com 2023-01-03 00:29 出处:网络
How can i prevent user to enter any url or link in contact form text area, i have tried it with this but its not working -

How can i prevent user to enter any url or link in contact form text area, i have tried it with this but its not working -

   if (!isset($_POST['submit']) && preg_match_all('/<a.*>.*<\/a>/', $_POST['query']))
      {
   echo "<h1 style='color:red;'>HTML Tag Not allowed </h1>";
 开发者_JAVA技巧     }
   else {
       //sendmail 
      }

Please help me


strip_tags

Try using strip_tags. It will allow you to strip out all tags that you don't allow.

Examples

Example from the manual:

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>

You would use something like this:

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';

// Allow some tags but not <a>
echo strip_tags($text, '<p><strong><li><ul>');
?>


Your approach doesn't work because, presumably, nobody would use formal HTML tags when posting a link. To sanitize the input, you could use the PHP Strip tags function.


$regex_pattern = "/<a href=\"(.*)\">(.*)<\/a>/";

if( (strlen($_POST['query']) > 0) && (preg_match_all($regex_pattern, $_POST['query']) )

{ echo "Tags found"; }


Try:

if(!empty($_POST['submit']) and preg_match("/<a\shref=\"[a-z]{3,5}:\/{2}(?:w{3}\.)?[^>]+.([^<]+)/i",$_POST['query'])){
            //send mail
    }
0

精彩评论

暂无评论...
验证码 换一张
取 消