How can i prevent user to enter any url or link in contact form text area, i have tried it with this but its not working -
if (!isset($_POST['submit']) && preg_match_all('/<a.*>.*<\/a>/', $_POST['query']))
{
echo "<h1 style='color:red;'>HTML Tag Not allowed </h1>";
开发者_JAVA技巧 }
else {
//sendmail
}
Please help me
strip_tags
Try using strip_tags. It will allow you to strip out all tags that you don't allow.
Examples
Example from the manual:
<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";
// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>
You would use something like this:
<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
// Allow some tags but not <a>
echo strip_tags($text, '<p><strong><li><ul>');
?>
Your approach doesn't work because, presumably, nobody would use formal HTML tags when posting a link. To sanitize the input, you could use the PHP Strip tags function.
$regex_pattern = "/<a href=\"(.*)\">(.*)<\/a>/";
if( (strlen($_POST['query']) > 0) && (preg_match_all($regex_pattern, $_POST['query']) )
{ echo "Tags found"; }
Try:
if(!empty($_POST['submit']) and preg_match("/<a\shref=\"[a-z]{3,5}:\/{2}(?:w{3}\.)?[^>]+.([^<]+)/i",$_POST['query'])){
//send mail
}
精彩评论