Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Valid a bogus "comment" field entry 1

Status
Not open for further replies.
deadweb

deadweb

Technical User
Nov 26, 2002
11
US
In a simple, regular textarea field:

<input type=&quot;text&quot; name=&quot;comments&quot; size=&quot;60&quot;>

Some goofball is just submitting a repeating character, i.e. &quot;9999999999999999999999999999999999999999999999999..etc&quot; He might submit 200 repeats of any given character. No spaces. Not always a number.

That, of course, won't wrap, and throws the page off.

How to prevent??
 
Sort by date Sort by votes
one thing I started doing also as something simular happened to me was to check for spaces in the value the user entered. If I do not find a space with in a length of 25 bytes then I error it. Not too many words that will be longer then 25 char's for the first word. You can easily do this with a substring function I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
I like the idea of looking for spaces between words and limiting word length.

Ah, you wouldn't happen to have that substring laying around?

Very tantalizing, but I need the code…
 
Upvote 0 Downvote
here you go. I didn't ahve the one I wrote before here but I wrote this short one using the split function instead for simple terms.
<html>
<head>
<script language=&quot;javascript&quot;>
function checkLength(str) {
strArray = str.split(&quot; &quot;); //split at first space
strChk = strArray[0]; // variable declare not needed but good for debug reasons
if (strChk.length > 25) { // check length of first array element > then 25 give alert
alert(&quot;why are you doing this to my site?&quot;);
}
}
</script>
</head>
<body>
<form>
<input type=&quot;text&quot; onBlur=&quot;checkLength(this.value)&quot;>
</form>
</body>
</html> I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
glad to help.

just to add a bit if you really wanted to get touchy on this. like if they catch wind of it and start putting spaces here and there you can test for length of each array element being a certain length in the same mannar as above. here's what I mean
if you add this to the function above you will see that for every space in the text field in a sense a varaible was declared
for (var x = 0; loop < strArray.length; x++)
{
document.write(strArray[x] + &quot;<br>&quot;);
}

so you could do the same thing to test each for
strArray[x] > 25
this can get touchy though for different languages etc. that have lengthy words and or email addressing being lengthy. just thinking out loud.

glad this helped out.
I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
that should be
for (var x = 0; x < strArray.length; x++)
{
document.write(strArray[x] + &quot;<br>&quot;);
}

trying to avoid the iitalics and typo'd
I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
Ooops. De-bugging...When you press &quot;ok&quot;, get the message, and then press the 'submit' button again. It still adds the bogus text.
 
Upvote 0 Downvote
how are you adding this to the form? can you post the code. if you don't either return false after the error/alert or set focus to something then the submission will still go through. it may possibly jsut be that you need to add return false; to the function depending on what event you are using to validate or run the function I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
Here is the code for the form. The javascript is in the head...

<table border=&quot;0&quot; width=&quot;100%&quot; cellspacing=&quot;0&quot; cellpadding=&quot;2&quot;>
<tr><form method=&quot;POST&quot; action=&quot;addComment.asp?id=<% =intPollID %>&quot; id=&quot;comments&quot; name=&quot;formComments&quot;>
<td align=&quot;left&quot; class=&quot;baseFont12&quot; bgcolor=&quot;#3366CC&quot;><br><font color=&quot;#FFFFFF&quot;>Tell us what you think:</font></td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Name:<input type=&quot;text&quot; name=&quot;author&quot; size=&quot;20&quot; tabindex=&quot;1&quot;> </td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Comments:<input type=&quot;text&quot; name=&quot;comments&quot; size=&quot;60&quot; tabindex=&quot;2&quot; onBlur=&quot;checkLength(this.value)&quot;>
<br><center><input type=&quot;submit&quot; Value=&quot;WRITE YOUR COMMENT&quot; name=&quot;B1&quot;><br> </center> </td></tr></form>
</table>
 
Upvote 0 Downvote
try this. it's not as pretty but for such a small form it works good. I change the form tag to use the event onSubmit and added a little functionality to the function.

<html>
<head>
<script language=&quot;javascript&quot;>
function checkLength() {
var str = document.formComments.comments.value;
strArray = str.split(&quot; &quot;); //split at first space
strChk = strArray[0]; // variable declare not needed but good for debug reasons
if (strChk.length > 25) { // check length of first array element > then 25 give alert
alert(&quot;why are you doing this to my site?&quot;);
document.formComments.comments.focus();
return false;
} else {
return true;
}
}
</script>
</head>
<body>
<table border=&quot;0&quot; width=&quot;100%&quot; cellspacing=&quot;0&quot; cellpadding=&quot;2&quot;>
<tr><form method=&quot;POST&quot; action=&quot;addComment.asp?id=<% =intPollID %>&quot; id=&quot;comments&quot; name=&quot;formComments&quot; onSubmit=&quot;return checkLength()&quot;>
<td align=&quot;left&quot; class=&quot;baseFont12&quot; bgcolor=&quot;#3366CC&quot;><br><font color=&quot;#FFFFFF&quot;>Tell us what you think:</font></td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Name:<input type=&quot;text&quot; name=&quot;author&quot; size=&quot;20&quot; tabindex=&quot;1&quot;> </td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Comments:<input type=&quot;text&quot; name=&quot;comments&quot; size=&quot;60&quot; tabindex=&quot;2&quot;>
<br><center><input type=&quot;submit&quot; Value=&quot;WRITE YOUR COMMENT&quot; name=&quot;B1&quot;><br> </center> </td></tr></form>
</table>
</body>
</html> I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
Ok. That's good. It keeps the 'comment' from freaking. But, as I play with it, from a 'bad-guy' viewpoint, I see he might want to do it to the 'name' field. This seems to guard the 'comment', but the 'name' is unprotected.

Can I protect the 'name' field in the same way?
 
Upvote 0 Downvote
<html>
<head>
<script language=&quot;javascript&quot;>

function checkLength(str) {
strArray = str.split(&quot; &quot;); //split at first space
strChk = strArray[0]; // variable declare not needed but good for debug reasons
if (strChk.length > 25) { // check length of first array element > then 25 give alert
alert(&quot;why are you doing this to my site?&quot;);
return false;
} else {
return true;
}
}
</script>
</head>
<body>
<table border=&quot;0&quot; width=&quot;100%&quot; cellspacing=&quot;0&quot; cellpadding=&quot;2&quot;>
<tr><form method=&quot;POST&quot; action=&quot;addComment.asp?id=&quot; id=&quot;comments&quot; name=&quot;formComments&quot;>
<td align=&quot;left&quot; class=&quot;baseFont12&quot; bgcolor=&quot;#3366CC&quot;><br><font color=&quot;#FFFFFF&quot;>Tell us what you think:</font></td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>

Name:<input type=&quot;text&quot; name=&quot;author&quot; size=&quot;20&quot; tabindex=&quot;1&quot; onChange=&quot;return checkLength(this.value)&quot;> </td></tr>

<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>

Comments:<input type=&quot;text&quot; name=&quot;comments&quot; size=&quot;60&quot; tabindex=&quot;2&quot; onChange=&quot;return checkLength(this.value)&quot;>

<br><center><input type=&quot;submit&quot; Value=&quot;WRITE YOUR COMMENT&quot; name=&quot;B1&quot;><br> </center> </td></tr></form>
</table>
</body>
</html> I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
That made the SQL error out because the <% =intPollID %> was missing in the form. It didn't know which poll to go to.

This knows the right poll, but doesn't filter:

<table border=&quot;0&quot; width=&quot;100%&quot; cellspacing=&quot;0&quot; cellpadding=&quot;2&quot;>
<tr><form method=&quot;POST&quot; action=&quot;addComment.asp?id=<% =intPollID %>&quot; id=&quot;comments&quot; name=&quot;formComments&quot;>
<td align=&quot;left&quot; class=&quot;baseFont12&quot; bgcolor=&quot;#3366CC&quot;><br><font color=&quot;#FFFFFF&quot;>Tell us what you think:</font></td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Name:<input type=&quot;text&quot; name=&quot;author&quot; size=&quot;20&quot; tabindex=&quot;1&quot; onChange=&quot;return checkLength(this.value)&quot;> </td></tr>
<tr><td bgcolor=&quot;#3366CC&quot;><img src=&quot;dot_clear.gif&quot; width=&quot;20&quot; height=&quot;0&quot;><font color=&quot;#FFFFFF&quot;>Comments:<input type=&quot;text&quot; name=&quot;comments&quot; size=&quot;60&quot; tabindex=&quot;2&quot; onChange=&quot;return checkLength(this.value)&quot;><br><center><input type=&quot;submit&quot; Value=&quot;WRITE YOUR COMMENT&quot; name=&quot;B1&quot;><br> </center> </td></tr></form>
</table>

 
Upvote 0 Downvote
sorry about that. forgot to place it back in.
it's working here. what error if any are you getting or is it just not working for you if you enter more then 25 char's without spaces I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
OK. It seems to be doing it, after adding the ID back in. We'll see if the goofball shows up tonight and tries anything.


Thanks for your help. It's been fun and educational.
 
Upvote 0 Downvote
Not sure how the guy is doing it, but he was able to add a long string of characters last night. If validation is done is Java, can the browsers use of java be turned off? I need to switch to more robust 'server-side' asp or something.

This is war.

Any good code for 'server-side' asp vbscript?
 
Upvote 0 Downvote
yes, if javascript is turned off then the validation will not work. simply check for the fact if it is or not and tell them they need it turned on in order to contact you. The number of parinoid users out there that actually think javascript can hurt anything is so small that you will not lose anything by making this a requirment. I dare to learn more
admin@onpntwebdesigns.com
 
Upvote 0 Downvote
Or you could set up IIS and make an ASP page to log IP numbers, so the next time you get him you'll get his IP. Then you just add it into your code, maybe give anyone coming from that IP Address a screen filled with 9's :)
-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Where Does The &quot;name&quot; Attribute Stand?
Replies
1
Views
122
gmmastros
gmmastros
Mike Lewis
  • Locked
  • Question
Anyone here got any experience of Grid.JS (a sortable Javascript grid) 1
Replies
5
Views
712
Mike Lewis
Mike Lewis
lexer
  • Locked
  • Question
Passing fields from (html-JavaScript) table to JavaScript Function
Replies
0
Views
310
lexer
lexer
malpa
  • Locked
  • Question
Graph the selection of a html table row
Replies
0
Views
319
malpa
malpa
tonynsx
  • Locked
  • Question
document.getElementById(&quot;main&quot;).innerHTML not working
Replies
1
Views
110
ggriffit
ggriffit

Part and Inventory Search

Sponsor

Back
Top