开发者

Submitting a URL into a Form without "http://", with "www.", or with neither

(EDITED)

Hello,

In the form below, the field for <div class="urlfield"><input name="url" type="url" id="url" maxlength="500"></div> fine when a URL is submitted that has a "http://" at the beginning of it.

However, it doesn't work if a URL is submitted with only a "www." in front of it, or with neither a "http://" nor a "www."

How can I make it work if the submitted URL has any or none of the following at the beginning of it:

http://

www.

http://www.

Thanks in advance,

John

Form:

echo '<div class="submittitle">Submit an item.</div>';  

echo '<form action="http://www...com/.../submit2.php" method="post"> 
    <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid">  

 <div class="submissiontitle"><label for="title">Story Title:</label></div> 
    <div class="submissionfield"><input name="title" type="title" id="title" maxlength="1000"></div>  

 <div class="urltitle"><label for="url">Link:</label></div> 
    <div class="urlfield"><input name="url" type="url" id="url" maxlength="500"></div>

    <div class="submissionbutton"><input name=开发者_高级运维"submit" type="submit" value="Submit"></div> 
</form>
';

submit2.php:

<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../submit2.php');}

require_once "header.php";


if (isLoggedIn() == true)
{

$remove_array = array('http://www.', 'http://', 'https://', 'https://www.', 'www.');
$cleanurl = str_replace($remove_array, "", $_POST['url']);
$cleanurl = strtolower($cleanurl);
$cleanurl = preg_replace('/\/$/','',$cleanurl);
$cleanurl = stripslashes($cleanurl);

$title = $_POST['title'];
$uid = $_POST['uid'];
$title = mysql_real_escape_string($title);
$title = stripslashes($title);

$cleanurl = mysql_real_escape_string($cleanurl);

$site1 = 'http://' . $cleanurl;

$displayurl = parse_url($site1, PHP_URL_HOST);

function isURL($url1 = NULL) {
        if($url1==NULL) return false;

        $protocol = '(http://|https://)';
        $allowed = '[-a-z0-9]{1,63}';

        $regex = "^". $protocol . // must include the protocol
                         '(' . $allowed . '\.)'. // 1 or several sub domains with a max of 63 chars
                         '[a-z]' . '{2,6}'; // followed by a TLD
        if(eregi($regex, $url1)==true) return true;
        else return false;
}



if(isURL($site1)==true)
 mysql_query("INSERT INTO submission VALUES (NULL, '$uid', '$title', '$cleanurl', '$displayurl', NULL)");
else
 echo "<p class=\"topicu\">Not a valid URL.</p>\n";

} else {
    show_loginform();
}

if (!isLoggedIn())
{
    if (isset($_POST['cmdlogin']))
    {
        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {
        show_loginform();
    }

} else
{
    show_userbox();
}

require_once "footer.php";

?>


Without the protocol (http://), a browser should consider the url relative.

Get rid of the host (www...com) part, and start from the following slash to use the url relative to the domain's document root.

Alternatively, use an url relative to the url of the page where the form resides (could be "../../something/else/submit.php" for example.

To build a relative url dynamically without resorting to the domain root, you may find the predefined variable $_SERVER['PHP_SELF'] useful (the exact contents of which may vary depending on which web server is in question).


It looks fine to me, but Echo the value of the passed url at several points to see where the code is failing.

Edit try making $cleanurl = mysql_real_escape_string($cleanurl);

$cleanurl = mysql_real_escape_string(trim($cleanurl));

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜