Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
String searching

Posted by mitch2301 (mitch2301), 2 June 2006
I am working on a data validation class which checks length and formats of inputs (such as numerical, alphabetical input etc)

I have the following array with some event handlers in it:

Code:
var $event_handlers = array("onLoad=", "onClick=", "onDblClick=", "onKeyPress=", "onMouseMove=", "onMouseOver=", "onMouseOut=");


The class also contains this variable:

Code:
var $input_data;


It contains the data which is going to be checked in the class.

I am trying to find a function which will check the string against the array to see if the string contains any event handlers.  Initially the class removed the event handlers straight off but I have decided  I would like to record the input in a table in the database THEN remove the event handlers.  It's basically so I can have a table containing the original bad input while removing the event handlers and letting the class remove them and continue running.

Basically I want something which does the following:

Code:
if ($string contains anything from $event_handlers array)
{
     // Record the input in database with username, time and ip
   
 // Remove the event handlers before continuing through the class
  $this->input_data = str_replace($event_handlers, "Hacking Attempt!",  $this->input_data);
}


I hope someone here can help me.  I get the feeling its one of those basic functions I really should know but don't  

Posted by admin (Graham Ellis), 2 June 2006
How's this?

Code:
<?php
$event_handlers = array("onLoad=", "onClick=",
               "onDblClick=", "onKeyPress=",
               "onMouseMove=", "onMouseOver=", "onMouseOut=");
$teststring = "This is some text with an onClick= in it";
$cleanstring = ereg_replace("(".implode("|",$event_handlers).")",
                               "<Hacking attempt>",$teststring);
print "$cleanstring\n";
?>



Posted by mitch2301 (mitch2301), 2 June 2006
It work to get the basic part of what I want done (two different strings) but I still need some sort of logic to it because I don't want to record every bit of input in the table.

If this is any help; I was thinking of a function like in_array() only I need one for checking strings rather than arrays.

Even if it was something like:

Code:
if($cleanstring contains "Hacking Attempt")
{
 // store in database
}


Posted by mitch2301 (mitch2301), 2 June 2006
Ah, I got it.

in_array works for it too.

Thanks for the help



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho