On 6 Jan 2005 10:27:41 -0800
"varois83" <va******@netzero.net> wrote:
:Hi
:
:I am new to PHP and am working on creating a guestbook from scratch to
:experiment.
:I am using several tutorials online.
:I have a question about dealing with entries made to my guestbook as it
:will eventually go on my website and I don't want people to write
:nonsense or insults or whatever.
:How do I do that?Shall I have the entries sent to my mailbox?
:Or shall they be sent to files on the server until I get to read them?
:My server is running mysql.
There are all sorts of issues with "form validation" that you should
Google into. You don't want people posting html to your guestbook,
f'rinstance, so you want at the very least to use strip_tags().
I keep a "dictionary" of naughty (and spam) words, one word per line,
and I check the name and the comment field against it. I have two
options, one simply rejects the message if finds a no-no, and the
other replaces the no-no with ###. For the latter you need to know about
file_get_contents() and explode() and str_ireplace(). For the former,
in_array() is your friend, along with preg_split().
Only after the text has been completely validated should you even
consider storing it to a db or sending it to a web page. You should be
able to do _all_ the validation with PHP. Some simple client-side
stuff can be done with Javascript (are the fields all filled in,
f'rinstance) but some people have turned their JS off, so it's not a
great idea. You shouldn't have to email the stuff to yourself or read
files or write the stuff into the db manually.
I recommend O'Reilly's PHP Cookbook.
--
Tony Reed
<tr***@altern.org>