How can i prevent user to enter any url or link in contact form text area, i have tried it with this but its not working -

   if (!isset($_POST['submit']) && preg_match_all('/<a.*>.*<\/a>/', $_POST['query']))
      {
   echo "<h1 style='color:red;'>HTML Tag Not allowed </h1>";
 开发者_JAVA技巧     }
   else {
       //sendmail 
      }

Please help me

strip_tags

Try using strip_tags. It will allow you to strip out all tags that you don't allow.

Examples

Example from the manual:

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>

You would use something like this:

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';

// Allow some tags but not <a>
echo strip_tags($text, '<p><strong><li><ul>');
?>

Your approach doesn't work because, presumably, nobody would use formal HTML tags when posting a link. To sanitize the input, you could use the PHP Strip tags function.

$regex_pattern = "/<a href=\"(.*)\">(.*)<\/a>/";

if( (strlen($_POST['query']) > 0) && (preg_match_all($regex_pattern, $_POST['query']) )

{ echo "Tags found"; }

Try:

if(!empty($_POST['submit']) and preg_match("/<a\shref=\"[a-z]{3,5}:\/{2}(?:w{3}\.)?[^>]+.([^<]+)/i",$_POST['query'])){
            //send mail
    }