Results 1 to 5 of 5

Thread: Need to replace everything #/W#

  1. #1
    Join Date
    Aug 2005
    Location
    Other Side of My Monitor
    Posts
    3,494
    Thanks
    5
    Thanked 105 Times in 104 Posts
    Blog Entries
    1

    Exclamation Need to replace everything #/W#

    I have the following code...

    I need to add a string that will strip everything except alpha/numeric's so the input box submission will only post numbers and letters.


    PHP Code:
    <?php
    $negateString 
    "";
    $end ".php";
    $host  $_SERVER['HTTP_HOST'];
    $uri   '/folder';
    $extra $_POST['guess'];
    $filename realpath$_SERVER['DOCUMENT_ROOT'] ).'/foldeer/'.($_POST['guess']).$end;
    if (isset(
    $_POST['submit'])){
            if (
    file_exists($filename)) {
    header("Location: http://$host$uri/$extra$end");
    }
            else {}
        if (
    strtolower($_POST['guess']) != ""){
            
    $end ".php";
            
    $myFile realpath$_SERVER['DOCUMENT_ROOT'] ).'/folder/'.($_POST['guess']).$end;
            
    $fh fopen($myFile'w') or die("can't open file");
            
    $stringData = <!-- rest of html here -->
    I know about this:

    PHP Code:
    $newstuff preg_replace('#\W#'''$string); 
    Just not sure where and how to adapt it to the current code. Should be a quick fix.

    Thanks guys.
    Last edited by BLiZZaRD; 10-13-2012 at 05:34 PM.
    {CWoT - Riddle } {Freelance Copywriter} {Learn to Write}
    Follow Me on Twitter: @InkingHubris
    PHP Code:
    $result mysql_query("SELECT finger FROM hand WHERE id=3");
    echo 
    $result

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    the $_POST['guess'] field?
    PHP Code:
    $extra preg_replace"#\W#",'',$_POST['guess'] ); 
    BTW, this can give varying results depending on your server's locale. May be what you want, maybe not, maybe it'll never make a difference. Does your filesystem ever have file names with non-ASCII characters? If not, you may want to replace \W with something like [^-_ A-Za-z0-9] (and/or add the u modifier to the regex).
    Last edited by traq; 10-11-2012 at 11:01 PM.

  3. #3
    Join Date
    Aug 2005
    Location
    Other Side of My Monitor
    Posts
    3,494
    Thanks
    5
    Thanked 105 Times in 104 Posts
    Blog Entries
    1

    Default

    I don't know... I just don't want special characters, periods or spaces in the guess input box.

    Basically there is a page with this input box on it. The user submits an answer (or "guess") and clicks submit, the page checks another folder for the file, if it doesn't exist, it creates it and returns to this page, if it does exist the user is taken to that page.

    So if you went there and typed in "dynamic" in the box, you would be greeted with a refresh of the page. If you entered "dynamic" in the box again, you would be taken to dynamic.php

    However, as you can tell (and I didn't when I put it together) you can enter "../" or "index.php" and really mess things up...


    Edit. I got it. Thanks! Replaced as you suggested then replaced both instances of $POST_guess with $extra. Good to go.
    Last edited by BLiZZaRD; 10-11-2012 at 11:24 PM.
    {CWoT - Riddle } {Freelance Copywriter} {Learn to Write}
    Follow Me on Twitter: @InkingHubris
    PHP Code:
    $result mysql_query("SELECT finger FROM hand WHERE id=3");
    echo 
    $result

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    okay...

    is this the logic you want?
    Code:
    was form submitted?
        yes:
        is "guess" a file?
            yes:
            redirect to the file
            no:
            create the file*
    
    *not sure I understand the point of this.  
    will this be an empty file?
    or are you adding contents somehow?
    allowing a user to add contents (to a .php file) is very dangerous
    PHP Code:
    <?php
    if( isset( $_POST['submit'] ) && !empty( $_POST['guess'] ) ){
        
    $root $_SERVER['DOCUMENT_ROOT'];
        
    $host $_SERVER['HTTP_HOST'];
        
    $path '/folder';
        
    $ext '.php';
        
    $guess preg_replace'#[^-_ A-Za-z0-9]#u','',$_POST['guess'] );
        if( 
    file_exists$root.$path.$guess.$ext ) ){
            
    header"Location: http://$host.$path.$guess.$ext);
            exit;
        }else{
            
    $handle fopen$root.$path.$guess.$ext,'w' );
            
    //  . . .
        
    }
    }
    in your original example, you're leaving case alone when looking for a file, and lowercasing everything when creating it. You should do one or the other. This makes a big difference on linux (i.e., most webservers), where everything is case-sensitive (as opposed to Windows, where case doesn't matter).

    Edit:

    glad you got it working.


  5. #5
    Join Date
    Aug 2005
    Location
    Other Side of My Monitor
    Posts
    3,494
    Thanks
    5
    Thanked 105 Times in 104 Posts
    Blog Entries
    1

    Default

    Yes, and no... the user isn't adding contents to the php file, the file is created, they are just giving it a file name. The page created isn't empty, it is populated with HTML, once they give it a name, it is created, if they then "guess" the same name again, they are shown the created file. The problem came in the original guess box, where they would try to "guess" (not knowing they are creating a file name) things like "../" and "index.php" etc. I have now fixed that though.

    Thanks!
    {CWoT - Riddle } {Freelance Copywriter} {Learn to Write}
    Follow Me on Twitter: @InkingHubris
    PHP Code:
    $result mysql_query("SELECT finger FROM hand WHERE id=3");
    echo 
    $result

Similar Threads

  1. Replies: 2
    Last Post: 04-25-2012, 01:02 AM
  2. DWMR:WHEN I press FIND&REPLACE eg xxxzzz.com with zzz.com and choose ALL SITE REPLACE
    By leonidassavvides in forum Computer hardware and software
    Replies: 0
    Last Post: 04-16-2009, 06:32 PM
  3. Replies: 6
    Last Post: 02-19-2009, 07:30 AM
  4. replace()
    By Schmoopy in forum JavaScript
    Replies: 26
    Last Post: 12-02-2008, 05:14 PM
  5. Replace Title
    By neo_philiac in forum HTML
    Replies: 3
    Last Post: 11-10-2006, 03:58 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •