Form security

[fpeter]

Hi everyone

I've been trying for weeks now to find a solution to my problem but can't find it anywhere, hope there is someone out there that can help.

It took me months to get a form to look the way I wanted it to and to get it to do what it should, which is send me the information.

Now my problem is that I am getting a lot of forms submitted with web addresses in the fields.

Firstly, Is there any way to stop these links being added or a way to just delete or reject the infomation?

Secondly, one of my forms asks for the websites URL to be added but can I restrict the form to only accept .com and .co.uk websites and delete the rest?

Is there a line of code I can add to the cgi script to do this or how do I configure the script.

Would really appreciate some help on this guys

[wige]

It is possible to filter these strings out in the script that processes the form submissions. What language is the CGI script in? Also, for the web addresses that you want removed, is it link code that is being entered, or just the domain name being entered, or a full url?

To filter out all URLs other than .com and .co.uk, the following code should work:

PHP Code:

if (eregi("^(http://){0,1}[a-z0-9\-_.]*(.com|.co.uk)$", $_POST['url'])) {
     $url = $_POST['url'];
} else {
     $url = FALSE;
}