Hi

I have the following script:

<?
include("glava.php");


///////// FUNCTIONS ///////////

/*

Function that checks whether the URL is in the correct format

*/

function je_url($url) {
        
        if (ereg("^http://*", $url))
        
        {
                return TRUE;
                
        }
        
        else
        {
        return FALSE;
        }
        
}


function preveri($vir, $vir_url) {

        if ($vir || ( $vir && je_url($vir_url)) || (!$vir && !$vir_url))
        {
        return true;
        }
        
        else
        {
        return false;
        }
        
        
}
        

        
/*

Function that first checks that the data is all right and then adds it to the database

*/

        

function dodaj() {
        
        
        if($_POST['naslov'] && $_POST['vsebina'] && $_POST['avtor'] && 
$_POST['datum'] && preveri($_POST['vir'], $_POST['vir_url']))
        
        {
                
                $naslov = strip_tags($_POST['naslov'], "<b><i><a><img><u><p><br>");
                $vsebina = strip_tags($_POST['vsebina'], "<b><i><a><img><u>");
                $avtor = strip_tags($_POST['avtor'], "<b><i><a><img><u>");
                $datum = $_POST['datum'];
                $vir = $_POST['vir'];
                $vir_url = $_POST['vir_url'];
        
          $query = "insert into novice_novice (novica_naslov, novica_vsebina, 
novica_avtor, novica_datum, novica_vir, novica_vir_url)
                values('$naslov', '$vsebina', '$avtor', '$datum', '$vir', '$vir_url')";
                
          MYSQL_QUERY($query) or
                die (MYSQL_ERROR());
                
          echo "Novica vnešena !";
          echo "<br>Čez 3 sekunde boste preusmerjeni na glavni meni !";
        
          ?>
        
          <script>
                        window.setTimeout("document.location.href='./main.php'", 3000);
                </script>
                
                <?
                
                
        
        }
        else
        {
                echo "Nisi vpisal vseh podatkov! Ali pa je URL napačen.!";
                
                ?>
                
                <script>
                        window.setTimeout("history.go(-1)", 3000);
                </script>
                
                <?
                
                
        }
        
}

/////// END OF FUNCTIONS /////////

                        
if($_COOKIE['prijava'] == "prijavljen")
        {
                
         ?>
        
         <title>Administracija novic : Dodajanje novic</title>
        
         <?
        
         MYSQL_CONNECT("localhost", "user", "password") or
                die (MYSQL_ERROR());
        
         MYSQL_SELECT_DB("nuke") or
                die(MYSQL_ERROR());
        
         dodaj();
        
        }
        
        else
        {
        
        ?>
        
                <script>document.location.href='./prijava.php';</script>

        <?
        
                
        }
        
?>



The problem is that this script allows the news to be inserted into the database, 
even if the URL is not correct.

All fields except vir and vir_url must contain something.
If vir_url is filled in, vir must be filled in too, but if vir is filled in it is not 
necessary for vir_url to be filled in.
But if vir_url is filled in, it must be a valid URL with http:// at the beginning.

But this script inserts the news even if the URL is not in the correct format.



Regards
JaN
www.3delavnica.com
www.ks-con.si


--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
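
The rule described in the post, written out as an added example (not the poster's code): in preveri() the leading `$vir ||` makes the whole condition true whenever vir is non-empty, so je_url() is never consulted in that case. The function names, the in-memory SQLite database and the sample values are assumptions made for the demo; the prepared statement additionally keeps the POST values out of the SQL string, which the original query does not.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// True only for a well-formed absolute URL whose scheme is http://.
function is_http_url(string $url): bool {
    return filter_var($url, FILTER_VALIDATE_URL) !== false
        && preg_match('#^http://#i', $url) === 1;
}

// Rules from the post: vir_url is optional, but when it is present
// vir must be filled in too and vir_url must be a valid http:// URL.
function source_ok(string $vir, string $vir_url): bool {
    if ($vir_url === '') {
        return true;            // no URL given: vir may be empty or filled in
    }
    return $vir !== '' && is_http_url($vir_url);
}

function add_news(PDO $db, array $post): bool {
    $f = [];
    foreach (['naslov', 'vsebina', 'avtor', 'datum', 'vir', 'vir_url'] as $k) {
        $f[$k] = trim((string)($post[$k] ?? ''));
    }
    if ($f['naslov'] === '' || $f['vsebina'] === '' || $f['avtor'] === ''
        || $f['datum'] === '' || !source_ok($f['vir'], $f['vir_url'])) {
        return false;           // nothing is written when validation fails
    }
    // Placeholders: the values are bound as data, never spliced into the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO novice_novice (novica_naslov, novica_vsebina, novica_avtor,
                                    novica_datum, novica_vir, novica_vir_url)
         VALUES (?, ?, ?, ?, ?, ?)');
    return $stmt->execute(array_values($f));
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE novice_novice (novica_naslov TEXT, novica_vsebina TEXT,
    novica_avtor TEXT, novica_datum TEXT, novica_vir TEXT, novica_vir_url TEXT)');

$base = ['naslov' => "O'Neil", 'vsebina' => 'text', 'avtor' => 'JaN', 'datum' => '2002-05-01'];
var_dump(add_news($db, $base));                             // neither vir nor vir_url
var_dump(add_news($db, $base + ['vir' => 'PHP.net']));      // vir only
var_dump(add_news($db, $base + ['vir' => 'PHP.net', 'vir_url' => 'http://www.php.net/']));
var_dump(add_news($db, $base + ['vir' => 'PHP.net', 'vir_url' => 'www.php.net'])); // no http://
var_dump(add_news($db, $base + ['vir_url' => 'http://www.php.net/']));  // vir_url without vir
```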
