how to check for "a href=" in a string

**Arjen** · Jan 23 '07, 04:55 PM

Re: how to check for "a href=" in a string

Veco schreef:

Hi guys! (and girls if any ;)
>
I want to block my users from submitting a string that includes link(s)
stated using a href=...
>
probably there's some function in php?
>
i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else
>
Thanks for your suggestions!
>
>

stristr('a href',$text);

--
Arjen

Honden Page: uw hond en honden.

http://www.hondenpage.com

HondenPage: alles over uw hond of honden,fokkers en puppy's. Je vindt hier het hondenforum, honden foto's, fokkers, puppy's, de honden encyclopedie en nog veel meer !

**Allodoxaphobia** · Jan 23 '07, 06:35 PM

Re: how to check for "a href=" in a string

On Tue, 23 Jan 2007 17:38:52 +0100, Veco wrote:

Hi guys! (and girls if any ;)
>
I want to block my users from submitting a string that includes link(s)
stated using a href=...
>
probably there's some function in php?
>
i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else

A function I wrote to sit in a message board program I wrote:

function check_bad_conte nt($string)
{
// Stuff that spammers post with:
$bad_strings = array('www.','/url]','ttp://','ttps://') ;

foreach( $bad_strings as $bad_string )
{
if ( ereg( $bad_string, $string ) ) return false ;
}

return true;

} // E-O-function check_bad_conte nt

The entire message is passed in the parameter to check_bad_conte nt.

HTH
Jonesy
--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
*** Killfiling google posts: <http://jonz.net/ng.htm>

**Toby Inkster** · Jan 23 '07, 06:55 PM

Re: how to check for "a href=" in a string

Veco wrote:

I want to block my users from submitting a string that includes link(s)
stated using a href=...

What about...

<a target="_self" href="...">

??

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

**Toby Inkster** · Jan 23 '07, 07:05 PM

Re: how to check for "a href=" in a string

Allodoxaphobia wrote:

$bad_strings = array('www.','/url]','ttp://','ttps://') ;
>
foreach( $bad_strings as $bad_string )
if ( ereg( $bad_string, $string ) ) return false ;

Why do people insist on using ereg()? preg_match() gives better
performance and more flexibility. In this case anyway, you're matching
against plain strings, not regular expressions, so strstr() would be
even faster.

In any case, the following string would pass through your filter
unblocked:

Example Domain

hTTp://wWw.example.com/

because your tests are case-sensitive. The case-insensitive versions of
ereg() and strstr() are eregi() and stristr(). preg_match() can be made
case-insensitive using the '/i' flag.

function check_bad_conte nt($string)
{
$bad_strings = array('www.','/url]','ttp://','ttps://') ;

foreach ($bad_strings as $bad_string)
if (stristr($strin g, $bad_string))
return FALSE;

return TRUE;
}

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

**veco** · Jan 24 '07, 06:15 AM

Re: how to check for "a href=" in a string

Thanks - all of you!

"Veco" <krunoslav.vece naj@kc.t-com.hrwrote in message
news:ep5dqh$58l $1@ss408.t-com.hr...

Hi guys! (and girls if any ;)
>
I want to block my users from submitting a string that includes link(s)
stated using a href=...
>
probably there's some function in php?
>
i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else
>
Thanks for your suggestions!
>

**FFMG** · Jan 24 '07, 07:05 AM

Re: how to check for "a href=" in a string

On Jan 23, 8:23 pm, Toby Inkster <usenet200...@t obyinkster.co.u k>
wrote:

Veco wrote:

I want to block my users from submitting a string that includes link(s)
stated using a href=...What about...

>
<a target="_self" href="...">
>

I don't know about others, but in my case anything with '<a' in the
message is rejected.

I understand that this is a bit extreme, but in my case I cannot really
see why they would want to post links in the first place, (when they
are told not to do it!), or the characters '<a'.

I test for '<a' after my normal XSS check that would have rejected the
message anyway.

Simon

**Krustov** · Jan 25 '07, 12:15 AM

Re: how to check for "a href=" in a string

<comp.lang.ph p>
<Veco>
<Tue, 23 Jan 2007 17:38:52 +0100>
<ep5dqh$58l$1@s s408.t-com.hr>

I want to block my users from submitting a string that includes link(s)
stated using a href=...
>
probably there's some function in php?
>
i don't want eregi_replace, I just want the code to check a string in
variable if there's any a href... if so, then I'll use exit(); or smthng
else
>
Thanks for your suggestions!
>

$poop=str_repla ce("<","",$poop );
$poop=str_repla ce(">","",$poop );

This means you dont have to exit and you can see what somebody tried to
enter without it working as a hyperlink .

--

https://www.phptakeaway.co.uk

(work in progress)

how to check for "a href=" in a string

how to check for "a href=" in a string

Comment

Comment

Comment

Comment

Comment

Comment

Comment