如何验证用户是否在表单中的任何位置插入http://,显示错误消息?

时间:2015-04-01 16:55:08

标签: php forms validation

在我的表单中,用户可以添加其社交网站的所有网址。但他们无法添加http://https://的网址。

如果用户在表单提交中添加http://https://;表单尚未提交,并重定向我的错误页面。

但我想要如果用户在表单提交中添加http://https://,则会显示错误消息,而不会在错误页面上重定向。

这是我的表单流程。 (Mysql已被弃用,但稍后我将全部转移)

if(isset($_POST['update_ac'])){
$web = mysql_real_escape_string($_POST['web']);
$fb = mysql_real_escape_string($_POST['fb']);
$tw = mysql_real_escape_string($_POST['tw']);
$gg = mysql_real_escape_string($_POST['gg']);
$fk = mysql_real_escape_string($_POST['fk']);
$rn = mysql_real_escape_string($_POST['rn']);
$yt = mysql_real_escape_string($_POST['yt']);
$ig = mysql_real_escape_string($_POST['ig']);
$it = mysql_real_escape_string($_POST['it']);
$ms = mysql_real_escape_string($_POST['ms']);
$pt = mysql_real_escape_string($_POST['pt']);
$sc = mysql_real_escape_string($_POST['sc']);
$tm = mysql_real_escape_string($_POST['tm']);
$vv = mysql_real_escape_string($_POST['vv']);
$ws = mysql_real_escape_string($_POST['ws']);

# array of keys to check...
$keys =     array('web','fb','tw','gg','fk','rn','yt','ig','it','ms','pt','sc','tm','vv','ws');
# array of invalid strings to to check for...
$invalid_strings = array("http://","https://");

# array to hold errors found...
$errors = array();
foreach($keys as $key) {    # iterate through each key to check
  foreach($invalid_strings as $invalid) {   # iterate through each invalid  string
    if (strpos($_POST[$key],$invlid) > -1) {
      $errors[] = "$key cannot contain '$invalid'";
    }
  }
}
# if errors were found...
if (count($errors) > 0) {
    $error_msg = implode($errors,", ");
    echo $error_msg;
} else {
// update data in mysql database 
$sql = mysql_query("UPDATE social SET web='$web', fb='$fb', tw='$tw', gg='$gg', fk='$fk', rn='$rn', yt='$yt', ig='$ig', it='$it', ms='$ms', pt='$pt', sc='$sc', tm='$tm', vv='$vv', ws='$ws' WHERE username = '".$_SESSION['username']."'");
$result=mysql_query($sql);
// if successfully updated. 
if($result){
        echo '<strong>Updated Successful</strong>';
        echo '<META HTTP-EQUIV=Refresh //CONTENT="0">';
    }
    else {
        echo '<strong>Sorry !</strong> Not update, try again later';
    }
  }
}

<form class="form-horizontal" role="form" name="form1" method="post" action="">
<input name="username" type="text" id="username" value="<? echo $session->username; ?> (Cannot change)" disabled/>
<input name="web" type="text" id="web" placeholder="Enter url without http:// or https://" value="<? echo $web; ?>" size="15">
<input name="fb" type="text" id="fb" placeholder="Enter url without http:// or https://" value="<? echo $fb; ?>" size="15">
<input name="tw" type="text" id="tw" placeholder="Enter url without http:// or https://" value="<? echo $tw; ?>" size="15">
<input name="gg" type="text" id="gg" placeholder="Enter url without http:// or https://" value="<? echo $gg; ?>" size="15">
<input name="fk" type="text" id="fk" placeholder="Enter url without http:// or https://" value="<? echo $fk; ?>" size="15">
<input name="rn" type="text" id="rn" placeholder="Enter url without http:// or https://" value="<? echo $rn; ?>" size="15">
<input name="yt" type="text" id="yt" placeholder="Enter url without http:// or https://" value="<? echo $yt; ?>" size="15">
<input name="ig" type="text" id="ig" placeholder="Enter url without http:// or https://" value="<? echo $ig; ?>" size="15">
<input name="it" type="text" id="it" placeholder="Enter url without http:// or https://" value="<? echo $it; ?>" size="15">
<input name="ms" type="text" id="ms" placeholder="Enter url without http:// or https://" value="<? echo $ms; ?>" size="15">
<input name="pt" type="text" id="pt" placeholder="Enter url without http:// or https://" value="<? echo $pt; ?>" size="15">
<input name="sc" type="text" id="sc" placeholder="Enter url without http:// or https://" value="<? echo $sc; ?>" size="15">
<input name="tm" type="text" id="tm" placeholder="Enter url without http:// or https://" value="<? echo $tm; ?>" size="15">
<input name="vv" type="text" id="vv" placeholder="Enter url without http:// or https://" value="<? echo $vv; ?>" size="15">
<input name="ws" type="text" id="ws" placeholder="Enter url without http:// or https://" value="<? echo $ws; ?>" size="15">
<input name="userid" type="hidden" id="userid" value="<? echo $session->userid; ?>">
<input type="submit" name="update_ac" value="Submit">
</form>

2 个答案:

答案 0 :(得分:1)

这是我处理它的方式...... 

<?php

# array of keys to check...
$keys = array('web','fb','tw','gg','fk','rn','yt','ig','it','ms','pt','sc','tm','vv','ws');
# array of invalid strings to to check for...
$invalid_strings = array("http://","https://");

# array to hold errors found...
$errors = array();
foreach($keys as $key) {    # iterate through each key to check
  foreach($invalid_strings as $invalid) {   # iterate through each invalid string
    if (strpos($_POST[$key],$invlid) > -1) {
      $errors[] = "$key cannot contain '$invalid'";
    }
  }
}
# if errors were found...
if (count($errors) > 0) {
    $error_msg = implode($errors,", ");
    echo $error_msg;
} else {

#  the code to run if no errors found

}

?>

答案 1 :(得分:0)

dbinns66的答案将完全符合您的要求,但我建议您采用另一种方式来实现您的计划:如果用户将剪贴板中的URL粘贴到您的表单中(这将经常发生),则不会出现错误,只需删除协议部分:

// remove the HTTP(S) part from a string in a case-insensitive manner
function removeProtocol($line) {
  return preg_replace('|^http?(s*)://|i', "", $line);
}

  // I tend to not overwrite superglobals, you may use $_POST[$field]= ... instead
$arrCheckedFields= array();
// fields possibly containing URLs
$arrFieldsToHandle = array('web','fb','tw','gg','fk','rn','yt','ig','it','ms','pt','sc','tm','vv','ws');
foreach($arrFieldsToHandle as $field) {  
  $arrCheckedFields[$field]= removeProtocol($_POST[$field]);
}
相关问题
最新问题