BRINGING FORMS TO LIFE

    // assume that there is nothing suspect
    $suspect = false;
    // create a pattern to locate suspect phrases
    $pattern = '/Content-Type:|Bcc:|Cc:/i';
    // process the $_POST variables

The string assigned to $pattern will be used to perform a case-insensitive search for any of the following: Content-Type:, Bcc:, or Cc:. It's written in a format called Perl-compatible regular expression (PCRE). The search pattern is enclosed in a pair of forward slashes, and the i after the final slash makes the pattern case-insensitive.

This is a very simple example, but regular expressions (regex) are a complex subject that can reduce grown men to tears. Fortunately, you can find a lot of tried and tested regular expressions that you can simply drop into your own scripts. Two good places to look are http://regexlib.com and Regular Expression Recipes: A Problem Solution Approach by Nathan A. Good (Apress, ISBN: 1-59059-441-X).

In addition to PCRE, you will probably also come across Portable Operating System Interface (POSIX) regular expressions. They tend to be easier to read, but they are slower and less powerful than PCRE. The easy way to tell whether a PHP script uses PCRE or POSIX is to look at the function used with the regex. All PCRE functions begin with preg_, while POSIX functions begin with ereg. To prevent your scripts from breaking in future, always use PCRE regular expressions, because there are plans to drop the ereg functions from the default configuration of PHP 6.

2. You can now use the PCRE stored in $pattern to filter out any suspect user input from the $_POST array. At the moment, each element of the $_POST array contains only a string. However, multiple-choice form elements, such as check boxes, return an array of results. So you need to tunnel down any subarrays and check the content of each element separately. That's precisely what the following custom-built function isSuspect() does. Insert it immediately after the $pattern variable from step 1.

    // create a pattern to locate suspect phrases
    $pattern = '/Content-Type:|Bcc:|Cc:/i';
    // function to check for suspect phrases
    function isSuspect($val, $pattern, &$suspect) {
      // if the variable is an array, loop through each element
      // and pass it recursively back to the same function
      if (is_array($val)) {
        foreach ($val as $item) {
          isSuspect($item, $pattern, $suspect);
        }
      }
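The recursive check from step 2, as a self-contained added example that is not the book's own listing: it runs the pattern over a constructed submission in which one check box group arrives as a subarray. The string branch using preg_match(), the helper submissionIsSuspect(), and both sample arrays are assumptions made for illustration.

```php
<?php
// Added example: constructed input, not a real form submission.
$pattern = '/Content-Type:|Bcc:|Cc:/i';

// Same signature as the page's isSuspect(); $suspect is passed by reference
// so a match found at any nesting depth is visible to the caller.
function isSuspect($val, $pattern, &$suspect) {
    if (is_array($val)) {
        // multiple-choice elements arrive as subarrays: recurse into each item
        foreach ($val as $item) {
            isSuspect($item, $pattern, $suspect);
        }
    } elseif (preg_match($pattern, (string) $val) === 1) {
        // assumed string branch: flag the submission when a phrase matches
        $suspect = true;
    }
}

// Hypothetical helper: run the check over one whole submission.
function submissionIsSuspect(array $post, $pattern) {
    $suspect = false;   // assume that there is nothing suspect
    isSuspect($post, $pattern, $suspect);
    return $suspect;
}

// Constructed samples standing in for $_POST.
$clean = [
    'name'      => 'Alice Example',
    'comments'  => 'Please send me the brochure.',
    'interests' => ['php', 'mysql'],   // check box group
];
$flagged = [
    'name'      => 'Alice Example',
    'comments'  => 'Hello',
    // lowercase on purpose: the i modifier makes the match case-insensitive
    'interests' => ['php', 'bcc: someone@example.com'],
];

var_dump(submissionIsSuspect($clean, $pattern));
var_dump(submissionIsSuspect($flagged, $pattern));
```

The second submission is flagged only because the function descends into the interests subarray; a check limited to top-level strings would pass it.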