• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

[PHP] Stopping ' from being used in name.

Sync

Ø,ø
Joined
May 26, 2009
Messages
1,901
Reaction score
26
Location
Canada
I dont know alot of PHP so I need some simple help fixing this problem with creating characters on the website with a ' in the name. It affects my onLook creaturescript.

This is the line of accountmanagement.php im trying to edit to block it.

PHP:
function checkName()
{
        if(document.getElementById("newcharname").value=="")
        {
            document.getElementById("name_check").innerHTML = \'<b><font color="red">Please enter new character name.</font></b>\';
            return;
        }
        nameHttp=GetXmlHttpObject();
        if (nameHttp==null)
        {
            return;
        }
        var newcharname = document.getElementById("newcharname").value;
        var url="?subtopic=ajax_check_name&name=" + newcharname + "&uid="+Math.random();
        nameHttp.onreadystatechange=NameStateChanged;
        nameHttp.open("GET",url,true);
        nameHttp.send(null);
}

My friend suggested trying,

PHP:
if(strpos("'", newcharname)==true)
+
PHP:
$searchstring= "'";
if(strpos($searchstring, $newcharname)==true)
+
PHP:
if(ctype_alpha(newcharname)==false)


But none seem to work, Any help will be greatly appreciated. Thanks
 
The simplest way is probably to just block the keypress event entirely with something like this:

http://pastebin.com/GuhdRqH4

Good to see you're still around, Sync. Good luck!

Never a good idea to rely on client side validation only, what if the person on the other side uses tamper data or similar addons, then you skip the whole client side validation.
 
Never a good idea to rely on client side validation only, what if the person on the other side uses tamper data or similar addons, then you skip the whole client side validation.

Hmm, good point. I suppose that may be possible. Then again, it's the simplest way to accomplish this, that I could think of offhand.

Perhaps using 'preg_match' is better? http://pastebin.com/CUpDV4Pr
 
Tried that Danger II, Still doesn't block players from creating with the '
I was wrong with strpos, first var then string, try again please (updated above)
Let me know right after, mobil sucks rly hard :p

Just tested, should work fine :)
 
I prefer to use whitelist validation, like this sample from Znote AAC:
PHP:
if (!preg_match("/^[a-zA-Z_ ]+$/", $_POST['name'])) {
    $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
}
 
Back
Top