Code:
<?php
// Placeholder text shown in the form fields (the "focus" values); a submission
// that still contains them is rejected below as not being real details.
$phone = 'Phone Model';
$na = 'Name';
$su = 'Surname';
$ad1 = 'Address Line 1';
$ad2 = 'Address Line 2';
$cit = 'City';
$cou = 'County';
$mo = 'Mobile No';
$em = 'Email';
$comm = 'Tell us whats happen with your phone before get broken.';

// Raw POST values; they are concatenated unescaped into the INSERT further down.
$phonemodel = $_POST['phonemodel'];
$name = $_POST['name'];
$surname = $_POST['surname'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$county = $_POST['county'];
$mobileno = $_POST['mobileno'];
$mail = $_POST['email'];
$comment = $_POST['comment'];

// Note: isset() applies only to $phonemodel here; the remaining operands are
// plain truthiness tests, so this condition reads "phonemodel not set AND every
// other field non-empty", which is not an "all fields empty" check.
if(!isset($phonemodel) &&
    ($name) &&
    ($surname) &&
    ($address1) &&
    ($address2) &&
    ($city) &&
    ($county) &&
    ($mobileno) &&
    ($mail) &&
    ($comment)
){
    header("Location: emailsend.php?validate=empty");
}
// Reject a submission that still contains any of the placeholder values.
elseif($phonemodel == $phone ||
    $name == $na ||
    $surname == $su ||
    $address1 == $ad1 ||
    $address2 == $ad2 ||
    $city == $cit ||
    $county == $cou ||
    $mobileno == $mo ||
    $mail == $em ||
    $comment == $comm ){
    header("Location: emailsend.php?validate=realdetails");
}
else{
    // Character class of single characters: / = # $ % * ! [ ] . ' ^ -
    // (backslashes escape the ones that would otherwise be special inside [...]).
    $regex = '/[\/=#\$%\*!\[\]\.\'^\-]/i';
    $checkarr = array($phonemodel,$name,$surname,$address1,$address2,$city,$county,$mobileno,$comment,$mail);
    // count()-1 stops before index 9, so the email is never run through the regex;
    // note that header() does not stop the script, so execution continues to the INSERT.
    for($i=0;$i<count($checkarr)-1;$i++){
        if(preg_match($regex, $checkarr[$i])){
            header("Location: emailsend.php?validate=forbidden");
        }
        elseif(!filter_var($checkarr[9], FILTER_VALIDATE_EMAIL)){
            header("Location: emailsend.php?validate=notallowed");
        }
    }
    // Values are spliced straight into the SQL string: a quote in any field
    // closes the literal early and produces the SQL error described below.
    $sql="INSERT INTO diagnose (phonemodel,name,surname,address1,address2,city,county,mobileno,email,comment)
    VALUES
    ('".$phonemodel."','".$name."','".$surname."','".$address1."','".$address2."','".$city."','".$county."','".$mobileno."','".$mail."','".$comment."')";
    $sqlquery = $conn->sqlExec($sql);
    if (!$sqlquery) {
        // header() returns null, so this dies printing mysql_error() after the redirect header.
        die(header("Location: emailsend.php?validate=error") . mysql_error());
    }
    else {
        header("Location: emailsend.php?validate=booked");
    }
    mysql_close($conn);
}
?>
Code:
elseif($phonemodel == $phone ||
    $name == $na ||
    $surname == $su ||
    $address1 == $ad1 ||
    $address2 == $ad2 ||
    $city == $cit ||
    $county == $cou ||
    $mobileno == $mo ||
    $mail == $em ||
    $comment == $comm ){
    header("Location: emailsend.php?validate=realdetails");
}
which is this part of the code.
Code:
else{
    $regex = '/[\/=#\$%\*!\[\]\.\'^\-]/i';
    $checkarr = array($phonemodel,$name,$surname,$address1,$address2,$city,$county,$mobileno,$comment,$mail);
    for($i=0;$i<count($checkarr)-1;$i++){
        if(preg_match($regex, $checkarr[$i])){
            header("Location: emailsend.php?validate=forbidden");
        }
        elseif(!filter_var($checkarr[9], FILTER_VALIDATE_EMAIL)){
            header("Location: emailsend.php?validate=notallowed");
        }
    }
OK, the script works as far as checking that the values are not the same as the ones I have as the focus placeholders, and inserting the data if the form is filled in properly. But when I want to test SQL injection, i.e. put a character like (' * etc.) in the fields, it gives me an SQL error, namely this one here.
Code:
if (!$sqlquery) {
    die(header("Location: emailsend.php?validate=error") . mysql_error());
}
Any suggestions?
PS: That regex was given by you in a previous topic; could you help me understand what it is and how it is put together, because I want to get rid of some of the characters in it, such as ( ! - . )
PS2: The idea is that the form is already protected with JS, but since JS can be disabled I thought I'd make a backup plan.
Thanks!
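An added example, not the poster's code, showing the two things asked about: the regex character class reduced to drop `!`, `-` and `.`, and the same INSERT done with a PDO prepared statement so a quote in a field is sent as data rather than breaking the SQL. It assumes PDO is available and uses DB_NAME/DB_USER/DB_PASS as placeholders for the real connection details.

```php
<?php
// Added example (not the original post's code). Assumes PDO with the MySQL driver;
// DB_NAME, DB_USER and DB_PASS below are placeholders for the real credentials.

// The original class lists single characters: \/ = # \$ % \* ! \[ \] \. \' ^ \-
// The backslashes escape the ones that would otherwise be special inside [...].
// Removing "!", "-" and "." (and their escapes) gives this reduced class;
// "^" is literal because it is not the first character of the class.
$regex = '/[\/=#\$%\*\[\]\'^]/';

function hasForbiddenChars(string $value, string $regex): bool {
    return preg_match($regex, $value) === 1;
}

$fields = ['phonemodel','name','surname','address1','address2',
           'city','county','mobileno','email','comment'];

// Collect the posted values, treating a missing field as empty.
$data = [];
foreach ($fields as $f) {
    $data[$f] = trim((string)($_POST[$f] ?? ''));
}

// Each check redirects and exits: header() alone does not stop the script.
if (in_array('', $data, true)) {
    header('Location: emailsend.php?validate=empty'); exit;
}
if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
    header('Location: emailsend.php?validate=notallowed'); exit;
}
foreach ($data as $f => $v) {       // email is skipped, as in the original loop
    if ($f !== 'email' && hasForbiddenChars($v, $regex)) {
        header('Location: emailsend.php?validate=forbidden'); exit;
    }
}

$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

// Named placeholders instead of string concatenation: the driver sends the values
// separately from the statement text, so ' or -- in a field cannot alter the query.
$stmt = $pdo->prepare(
    'INSERT INTO diagnose (phonemodel,name,surname,address1,address2,city,county,mobileno,email,comment)
     VALUES (:phonemodel,:name,:surname,:address1,:address2,:city,:county,:mobileno,:email,:comment)');
try {
    $stmt->execute($data);          // array keys match the placeholder names
    header('Location: emailsend.php?validate=booked');
} catch (PDOException $e) {
    error_log($e->getMessage());    // keep the driver error in the log, not on the page
    header('Location: emailsend.php?validate=error');
}
exit;
```

With the prepared statement doing the protection, the character blacklist is no longer what keeps the query safe, so it can be relaxed to whatever the fields genuinely must not contain (a surname like O'Brien would otherwise be rejected).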