1

Topic: URL format check

I don't know PHP...

I want to use this trick from profile.php in another file, to check if the submitted URL has http:// and add it if it doesn't before inserting it into the database.

if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0)
$form['url'] = 'http://'.$form['url'];

I've found this that presumably does the same thing:

if (strstr($new_url, 'http://')===false)
$new_url = 'http://'.$new_url;

Neither work by themselves. Nr1 needs other parts from profile.php and it's not clear to me where to put these pieces of code in my file. I've tried different things.

I searched all over the internet for other examples of forms with a URL field where the URL format is checked. I couldn't find anything, nothing that was transparant enough to reverse engineer for someone who doesn't know PHP anyway.

Any suggestions, clues, pointers or examples are very welcome!

2 (edited by MattF 2007-10-19 18:58)

Re: URL format check

You need something similar in your submitting form too. (Borrowed and altered slightly from profile.php).

<label><?php echo $lang_profile['Website'] ?><br/><input type="text" name="user_uri" value="<?php echo pun_htmlspecialchars($user['url']) ?>" size="50" maxlength="80"/><br/></label>

The $user['url'] is the users website address from their db account. You would then need to get that HTTP var:

if (isset($_POST['user_uri']) && $_POST['user_uri'] != null)
{
    $uri = $_POST['user_uri'];

    if (stristr($uri, 'http://'))
    {
       $uri = 'http://'.$uri;
    }
    else
    {
        $uri = $uri;
    }
}
else
{
    $uri = null;
}

Untested.

3

Re: URL format check

Thanks again MattF!

I had to remove a t from 'issett' to prevent an error. This has no errors, but doesn't do anything either. URL is inserted, but the script doesn't add 'http://' when necessary:

<?php
$txturl = '\''.$db->escape($_POST['txturl']).'\'';

if (isset($_POST['txturl']) && $_POST['txturl'] != null)
{
    $uri = $_POST['txturl'];

    if (stristr($uri, 'http://'))
    {
       $uri = 'http://'.$uri;
    }
    else
    {
        $uri = $uri;
    }
}
else
{
    $uri = null;
}

// Update the database if form posted
if (!empty($_POST['cmdUpdate']))
{
$sql = 'UPDATE members SET url='.$txturl.' WHERE id = '.$pun_user['id'];

$result = mysql_query($sql) or die("SQL Update failed");
echo "Your information has been updated. Thanks.";
}

$result = $db->query('SELECT * FROM members WHERE id = '.$pun_user['id']) or error('Unable to fetch user data', __FILE__, __LINE__, $db->error());
$row = $db->fetch_assoc($result);

?>
<form method="post" action="<?php echo $PHP_SELF;?>">
<p>Website:<input type="text" name="txturl" size="30" value="<?php echo $row['url']; ?>" />
<p><input type="Submit" value="Update" name="cmdUpdate" />
</form>

4 (edited by MattF 2007-10-19 18:57)

Re: URL format check

Apologies. Slight spelling error on my part there. smile

It's not updating because the var you are setting is $uri, but you're entering your unparsed $txturl var into the db. big_smile Change $uri to $txturl or vice versa.

5

Re: URL format check

Peter wrote:
<?php

if (isset($_POST['txturl']) && $_POST['txturl'] != null)
{
    $uri = $_POST['txturl'];

    if (stristr($uri, 'http://'))
    {
       $txturl = '\''.$db->escape('http://'.$uri).'\'';
    }
    else
    {
        $txturl = '\''.$db->escape($uri).'\'';
    }
}
else
{
    $txturl = 'null';
}

// Update the database if form posted
if (!empty($_POST['cmdUpdate']))
{
$sql = 'UPDATE members SET url='.$txturl.' WHERE id = '.$pun_user['id'];

$result = mysql_query($sql) or die("SQL Update failed");
echo "Your information has been updated. Thanks.";
}

$result = $db->query('SELECT * FROM members WHERE id = '.$pun_user['id']) or error('Unable to fetch user data', __FILE__, __LINE__, $db->error());
$row = $db->fetch_assoc($result);

?>
<form method="post" action="<?php echo $PHP_SELF;?>">
<p>Website:<input type="text" name="txturl" size="30" value="<?php echo $row['url']; ?>" />
<p><input type="Submit" value="Update" name="cmdUpdate" />
</form>

Try that code above.

6 (edited by Peter 2007-10-19 19:27)

Re: URL format check

Thanks again MattF. The new code produces no errors, but also does not add the 'http://' when required.

Trying more variations...

7

Re: URL format check

Oops. big_smile Change this line:

if (stristr($uri, 'http://'))

to:

if (!stristr($uri, 'http://'))

8

Re: URL format check

Yes!! Works!!

Thanks again MattF!

Re: URL format check

MattF wrote:
stristr($uri, 'http://')

Why not use strpos?

Note: If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos() instead.

http://php.net/strstr

10

Re: URL format check

If I use strpos the code just adds http:// to any URL that's entered, even if it already has http:// -> http://http://website.com

Re: URL format check

What was wrong with the first piece of code you posted?

// Handle the "empty" and "else" part however you want
if (!empty($_POST['txturl']) && strpos(strtolower($_POST['txturl']), 'http://') !== 0)
    $_POST['txturl'] = 'http://'.$_POST['txturl'];
else
    $_POST['txturl'] = '';

12

Re: URL format check

guardian34 wrote:

Why not use strpos?

I find it easier to keep to a true/false setup for checks like that, than having to remember that certain functions return a number. Strpos gets used if I need a position. Stristr if I need a match. Plus, it removes the need to call strtolower, as stristr is case insensitive. What you lose one way, you gain another. big_smile

13

Re: URL format check

guardian34 wrote:

What was wrong with the first piece of code you posted?

As far as I know, he merely hadn't managed to integrate the separate parts, rather than there being a problem as such.

Re: URL format check

MattF wrote:

Plus, it removes the need to call strtolower, as stristr is case insensitive.

So does stripos, but that requires PHP 5. roll