Filter Everything Except Letters, Numbers and Dots?

Discussion in 'PHP' started by ColorWP.com, Jul 17, 2009.

  1. #1
    Hello.

    I have a dynamic (user input) string called $string.

    How do I trunctate every other character except letters (a-zA-Z), numbers (0-9) and dots (allow more than one)?

    What I'm trying to do is avoid any kinds of exploits, because I have user inputted URL as a string and I don't want the user entering stuff such as
    ?><a href="http://wikipedia.com" onClick="window.open('www.google.com');return false;">Free porn</a><?
    PHP:
    Also, if that's not too much I'm asking: How do I check if it's a valid domain, like
    Valid: www.domain.com, domain.com, http://domain.com, http://www.domain.com
    Invalid: www.domain.com/post1.html, subdomain.domain.com, www.sub.domain.com, http://domain.com/etc/...

    Thanks in advance!
     
    ColorWP.com, Jul 17, 2009 IP
  2. WeedGrinch

    WeedGrinch Active Member

    Messages:
    1,236
    Likes Received:
    73
    Best Answers:
    0
    Trophy Points:
    90
    #2
    For the security problem just use
    $string = strip_tags($string);
    Code (markup):
     
    WeedGrinch, Jul 17, 2009 IP
  3. mioot

    mioot Peon

    Messages:
    169
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    use these function it validate the domain,subdomain

    function urlValidation($url="")
    {

    if (ereg("^[a-zA-Z0-9\-\.]+\.(aero|asia|biz|cat|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|pro|tel|travel|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zr|zw)$",$url))
    return true;
    else
    return false;
    }
     
    mioot, Jul 18, 2009 IP
  4. ThePHPMaster

    ThePHPMaster Well-Known Member

    Messages:
    737
    Likes Received:
    52
    Best Answers:
    33
    Trophy Points:
    150
    #4
    Use preg_replace:

    
    <?php
    $string = '<a href="http://wikipedia.com" onClick="window.open(\'www.google.com\');return false;">Free 324234 porn</a>';
    $string = preg_replace('/[^0-9a-zA-Z]/'," ",$string);
    echo $string;
    ?>
    
    PHP:
    Do you have the domain ready or do you need to parse it out from a paragraph? To simply check a valid domain, use fsockopen if allowed by your host:

    
    $url = 'http://domain.com';
    
    $urlP = parse_url($url);
    $host = $urlP["host"];
    $fp = @fsockopen($host, 80, $errno, $errstr, 20);
    if($fp)
    {
         echo 'Domain good';
    }
    
    PHP:
     
    ThePHPMaster, Jul 18, 2009 IP