String searching - Writing PHP

Posted by mitch2301 (mitch2301), 2 June 2006

I am working on a data validation class which checks length and formats of inputs (such as numerical, alphabetical input etc)

I have the following array with some event handlers in it:

Code:

var $event_handlers = array("onLoad=", "onClick=", "onDblClick=", "onKeyPress=", "onMouseMove=", "onMouseOver=", "onMouseOut=");

The class also contains this variable:

Code:

var $input_data;

It contains the data which is going to be checked in the class.

I am trying to find a function which will check the string against the array to see if the string contains any event handlers. Initially the class removed the event handlers straight off but I have decided I would like to record the input in a table in the database THEN remove the event handlers. It's basically so I can have a table containing the original bad input while removing the event handlers and letting the class remove them and continue running.

Basically I want something which does the following:

Code:

if ($string contains anything from $event_handlers array)
{
// Record the input in database with username, time and ip

// Remove the event handlers before continuing through the class
$this->input_data = str_replace($event_handlers, "Hacking Attempt!", $this->input_data);
}

I hope someone here can help me. I get the feeling its one of those basic functions I really should know but don't

Posted by admin (Graham Ellis), 2 June 2006

How's this?

Code:

<?php
$event_handlers = array("onLoad=", "onClick=",
"onDblClick=", "onKeyPress=",
"onMouseMove=", "onMouseOver=", "onMouseOut=");
$teststring = "This is some text with an onClick= in it";
$cleanstring = ereg_replace("(".implode("|",$event_handlers).")",
"<Hacking attempt>",$teststring);
print "$cleanstring\n";
?>

Posted by mitch2301 (mitch2301), 2 June 2006

It work to get the basic part of what I want done (two different strings) but I still need some sort of logic to it because I don't want to record every bit of input in the table.

If this is any help; I was thinking of a function like in_array() only I need one for checking strings rather than arrays.

Even if it was something like:

Code:

if($cleanstring contains "Hacking Attempt")
{
// store in database
}

Posted by mitch2301 (mitch2301), 2 June 2006

Ah, I got it.

in_array works for it too.

Thanks for the help

This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.