i need help in this form <FORM action="thanx.php" method="post"> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center><FONT color=#ff0000>* </FONT>title:<BR><INPUT size=40 name=title><BR></TD> </TR> </TBODY> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center><FONT color=#ff0000>* </FONT>Url<BR><INPUT size=40 name=url value=http://><BR><TD></TR></TBODY></TABLE> </TD> </TR> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center>description<BR> <textarea cols="50" rows="4" name="description"></textarea><BR><TD></TR></TBODY></TABLE> </TD> </TBODY></TABLE> <P style="TEXT-ALIGN: center" align=center><INPUT class=submit type=submit value="add" name=send></TD> </FORM> Code (markup): first : i want make fields required "at lest Three letters" using php not java ... but i want the user don't leave the form if this fields empty .. and i need the user don't go the add.php if this fields empty like :: please fill the this field second : some time my users post in the in fields ..something like this <SCRIPT type=text/javascript> <!-- //--> </SCRIPT> Code (markup): or something like this <a href=""</a> Code (markup): and some time user write one letter in the field i don't accept this ..because it makes problems in the results.. so what can i do to fix this and make security for this . so can anyone help me ..please
This is a kind of solution you need. <?php $redir_flag = false; if(strlen($_POST['title'] < 3)) { $redir_flag = true; } /** Do the same for other required fields as well */ /** Now redirect to the form.php using header function. Also pass in an GET parameter to show the error */ if($redir_flag == true) { header("location: my_form_location.php?error=length"); exit(); } /** Now for security, strip tags from each POST parameter and mysqli_real_escape them */ foreach($_POST as $key => $val) { //Strip slas if magic_quote is turned on if(get_magic_quotes_gpc ()) { $_POST[$key] = stripslashes($_POST[$key]); } //Strip tags $_POST[$key] = strip_tags($_POST[$key]); //mysql escape $_POST[$key] = mysqli_real_escape_string($dbC, $_POST[$key]); } /** Now things you need */ ?> PHP: For any help, reply here
thanxx bro.. for your great help.. please tell me what is the place of these <?php $redir_flag = false; if(strlen($_POST['title'] < 3)) { $redir_flag = true; } Code (markup): in the form or in the form location and this too foreach($_POST as $key => $val) { //Strip slas if magic_quote is turned on if(get_magic_quotes_gpc ()) { $_POST[$key] = stripslashes($_POST[$key]); } //Strip tags $_POST[$key] = strip_tags($_POST[$key]); //mysql escape $_POST[$key] = mysqli_real_escape_string($dbC, $_POST[$key]); } Code (markup): sorry .. i'am new in this..