If message field contains http, die;

I want to put some validation on the message field, so that if it contains http or https or www, or anything like that it doesnt proceed to submit, but instead returns through header location.

if ($_POST['message']) {
header("Location: https://www.checksafetyfirst.com/contact.php");

Above it how it is at the mo, I’m sot sure how to build the http check into it

You could use substr_count or preg_match to test for those strings.

as @SamA74 says. Although are you sure you want to die() if there is a weblink. If it’s a contact form are there occasions when someone might want to send you a link.

As long as you sanitize your input (which you should do regardless) then a link won’t matter. Or if you are checking for http etc then if it finds it rather than killing the script you could remove the http/www so the link won’t be accidentally clicked on and then add a warning to your message for whoever is checking the admin so they can still check the message but know it might be dodgy.

Hi Noppy, ye there will be no need at all to put a url in this form, so if it is, its spam.

This worked and posting it, for others

if (!preg_match("^(http|https)://",$_POST['message'])) {
header("Location: https://www.mysite.com/contact.php");

That is your choice, but it would be good for your users if you explain on the form that it will not accept URLs, as they may not always have bad intentions.

Ye your right I could do, what I will put is type the url using only www. and not adding a direct link in.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.