If you POST from your form use $_POST, or $_GET for a form GET

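$findme = 'Rulez666'; // example word, taken from the question below

foreach ($_POST as $key => $value) {
        // strpos() needs a string; skip array-valued fields such as name="field[]"
        if (is_string($value) && strpos($value, $findme) !== false) {
                // $findme was found in $value
        }
}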

http://php.net/manual/en/reserved.variables.php
http://us2.php.net/manual/en/control-structures.foreach.php
http://us2.php.net/strpos Yes, that's !== or ===

-----Original Message-----
From: Chris Payne [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 09, 2006 5:21 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Database abuse help needed

Hi there everyone,
 
Is there a better way I can do this?
 
if ($email == "[EMAIL PROTECTED]" OR $subject == "Rulez666"
 
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc .... separately?
 
The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but I'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.
 
So, instead of doing if ($name == " mememe " ...... if($email == "
[EMAIL PROTECTED] " ....... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc ....
 
Any help would be greatly appreciated as I am tired of repeatedly writing the
same scripts with different variables, I'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
 
Please save me from going nuts :-)
 
Chris

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
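
The single-word loop at the top of this reply, generalised to the list of words the original message asks for (an added example, not code from either poster): it matches case-insensitively with stripos() and recurses into array-valued fields. The function name find_blocked_words, the word list and the sample form data are assumptions made for the illustration.

```php
<?php
// Added example: reject a submission if any field contains a listed word.
// The word list and the sample input are constructed for illustration.

/**
 * Return [field, word] pairs for every listed word found anywhere in $data.
 * Handles nested arrays (e.g. name="tags[]") and matches case-insensitively.
 */
function find_blocked_words(array $data, array $blocked, string $prefix = ''): array
{
    $hits = [];
    foreach ($data as $key => $value) {
        $field = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            // Recurse into array-valued fields instead of passing them to stripos()
            $hits = array_merge($hits, find_blocked_words($value, $blocked, $field));
            continue;
        }
        if (!is_string($value)) {
            continue;
        }
        foreach ($blocked as $word) {
            // An empty needle would match everything, so skip it
            if ($word !== '' && stripos($value, $word) !== false) {
                $hits[] = [$field, $word];
            }
        }
    }
    return $hits;
}

$blocked = ['Rulez666', 'mememe'];   // sample words taken from the question

// Constructed stand-in for $_POST so the script runs from the command line
$form = [
    'name'    => 'Alice',
    'email'   => 'alice@example.com',
    'subject' => 'hello RULEZ666 hello',
    'tags'    => ['news', 'xx mememe xx'],
];

$hits = find_blocked_words($form, $blocked);
foreach ($hits as [$field, $word]) {
    error_log("rejected: field '$field' contains '$word'");
}
if (!$hits) {
    // No listed word found: continue to the database insert here
}
```

In a form handler, pass $_POST (or $_GET) in place of $form. The filter only rejects strings already on the list; the insert itself still needs escaping or bound parameters.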
