By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,661 Members | 791 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,661 IT Pros & Developers. It's quick & easy.

Guestbook entries question

P: n/a
Hi

I am new to PHP and am working on creating a guestbook from scratch to
experiment.
I am using several tutorials online.
I have a question about dealing with entries made to my guestbook as it
will eventually go on my website and I don't want people to write
nonsense or insults or whatever.
How do I do that?Shall I have the entries sent to my mailbox?
Or shall they be sent to files on the server until I get to read them?
My server is running mysql.
I am not sure if sent to me by email how I should enter them to the
database.Manually?Or is there a way to automate that with code after
review.
Sorry for being a newbie.

Thanks for your help

Patrick

Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
On 6 Jan 2005 10:27:41 -0800
"varois83" <va******@netzero.net> wrote:

:Hi
:
:I am new to PHP and am working on creating a guestbook from scratch to
:experiment.
:I am using several tutorials online.
:I have a question about dealing with entries made to my guestbook as it
:will eventually go on my website and I don't want people to write
:nonsense or insults or whatever.
:How do I do that?Shall I have the entries sent to my mailbox?
:Or shall they be sent to files on the server until I get to read them?
:My server is running mysql.

There are all sorts of issues with "form validation" that you should
Google into. You don't want people posting html to your guestbook,
f'rinstance, so you want at the very least to use strip_tags().

I keep a "dictionary" of naughty (and spam) words, one word per line,
and I check the name and the comment field against it. I have two
options, one simply rejects the message if finds a no-no, and the
other replaces the no-no with ###. For the latter you need to know about
file_get_contents() and explode() and str_ireplace(). For the former,
in_array() is your friend, along with preg_split().

Only after the text has been completely validated should you even
consider storing it to a db or sending it to a web page. You should be
able to do _all_ the validation with PHP. Some simple client-side
stuff can be done with Javascript (are the fields all filled in,
f'rinstance) but some people have turned their JS off, so it's not a
great idea. You shouldn't have to email the stuff to yourself or read
files or write the stuff into the db manually.

I recommend O'Reilly's PHP Cookbook.

--
Tony Reed
<tr***@altern.org>
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.