By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,828 Members | 1,416 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,828 IT Pros & Developers. It's quick & easy.

how to check for "a href=" in a string

P: n/a
Hi guys! (and girls if any ;)

I want to block my users from submitting a string that includes link(s)
stated using a href=...

probably there's some function in php?

i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else

Thanks for your suggestions!
Jan 23 '07 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Veco schreef:
Hi guys! (and girls if any ;)

I want to block my users from submitting a string that includes link(s)
stated using a href=...

probably there's some function in php?

i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else

Thanks for your suggestions!

stristr('a href',$text);

--
Arjen
http://www.hondenpage.com
Jan 23 '07 #2

P: n/a
On Tue, 23 Jan 2007 17:38:52 +0100, Veco wrote:
Hi guys! (and girls if any ;)

I want to block my users from submitting a string that includes link(s)
stated using a href=...

probably there's some function in php?

i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else
A function I wrote to sit in a message board program I wrote:

function check_bad_content($string)
{
// Stuff that spammers post with:
$bad_strings = array('www.','/url]','ttp://','ttps://') ;

foreach( $bad_strings as $bad_string )
{
if ( ereg( $bad_string, $string ) ) return false ;
}

return true;

} // E-O-function check_bad_content

The entire message is passed in the parameter to check_bad_content.

HTH
Jonesy
--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
*** Killfiling google posts: <http://jonz.net/ng.htm>
Jan 23 '07 #3

P: n/a
Veco wrote:
I want to block my users from submitting a string that includes link(s)
stated using a href=...
What about...

<a target="_self" href="...">

??

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Jan 23 '07 #4

P: n/a
Allodoxaphobia wrote:
$bad_strings = array('www.','/url]','ttp://','ttps://') ;

foreach( $bad_strings as $bad_string )
if ( ereg( $bad_string, $string ) ) return false ;
Why do people insist on using ereg()? preg_match() gives better
performance and more flexibility. In this case anyway, you're matching
against plain strings, not regular expressions, so strstr() would be
even faster.

In any case, the following string would pass through your filter
unblocked:

hTTp://wWw.example.com/

because your tests are case-sensitive. The case-insensitive versions of
ereg() and strstr() are eregi() and stristr(). preg_match() can be made
case-insensitive using the '/i' flag.

function check_bad_content($string)
{
$bad_strings = array('www.','/url]','ttp://','ttps://') ;

foreach ($bad_strings as $bad_string)
if (stristr($string, $bad_string))
return FALSE;

return TRUE;
}
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Jan 23 '07 #5

P: n/a
Thanks - all of you!
"Veco" <kr***************@kc.t-com.hrwrote in message
news:ep**********@ss408.t-com.hr...
Hi guys! (and girls if any ;)

I want to block my users from submitting a string that includes link(s)
stated using a href=...

probably there's some function in php?

i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else

Thanks for your suggestions!

Jan 24 '07 #6

P: n/a


On Jan 23, 8:23 pm, Toby Inkster <usenet200...@tobyinkster.co.uk>
wrote:
Veco wrote:
I want to block my users from submitting a string that includes link(s)
stated using a href=...What about...

<a target="_self" href="...">
I don't know about others, but in my case anything with '<a' in the
message is rejected.

I understand that this is a bit extreme, but in my case I cannot really
see why they would want to post links in the first place, (when they
are told not to do it!), or the characters '<a'.

I test for '<a' after my normal XSS check that would have rejected the
message anyway.

Simon

Jan 24 '07 #7

P: n/a
<comp.lang.php>
<Veco>
<Tue, 23 Jan 2007 17:38:52 +0100>
<ep**********@ss408.t-com.hr>
I want to block my users from submitting a string that includes link(s)
stated using a href=...

probably there's some function in php?

i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else

Thanks for your suggestions!
$poop=str_replace("<","",$poop);
$poop=str_replace(">","",$poop);

This means you dont have to exit and you can see what somebody tried to
enter without it working as a hyperlink .
--
www.phptakeaway.co.uk
(work in progress)
Jan 25 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.