Home/ Questions/Q 867281
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T09:56:54+00:00

(EDITED) Hello, In the form below, the field for <div class=urlfield><input name=url type=url id=url

  • 0

(EDITED)

Hello,

In the form below, the field for <div class="urlfield"><input name="url" type="url" id="url" maxlength="500"></div> fine when a URL is submitted that has a “http://&#8221; at the beginning of it.

However, it doesn’t work if a URL is submitted with only a “www.” in front of it, or with neither a “http://&#8221; nor a “www.”

How can I make it work if the submitted URL has any or none of the following at the beginning of it:

http://

www.

http://www.

Thanks in advance,

John

Form:

echo '<div class="submittitle">Submit an item.</div>';  

echo '<form action="http://www...com/.../submit2.php" method="post"> 
    <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid">  

 <div class="submissiontitle"><label for="title">Story Title:</label></div> 
    <div class="submissionfield"><input name="title" type="title" id="title" maxlength="1000"></div>  

 <div class="urltitle"><label for="url">Link:</label></div> 
    <div class="urlfield"><input name="url" type="url" id="url" maxlength="500"></div>

    <div class="submissionbutton"><input name="submit" type="submit" value="Submit"></div> 
</form>
';

submit2.php:

<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../submit2.php');}

require_once "header.php";


if (isLoggedIn() == true)
{

$remove_array = array('http://www.', 'http://', 'https://', 'https://www.', 'www.');
$cleanurl = str_replace($remove_array, "", $_POST['url']);
$cleanurl = strtolower($cleanurl);
$cleanurl = preg_replace('/\/$/','',$cleanurl);
$cleanurl = stripslashes($cleanurl);

$title = $_POST['title'];
$uid = $_POST['uid'];
$title = mysql_real_escape_string($title);
$title = stripslashes($title);

$cleanurl = mysql_real_escape_string($cleanurl);

$site1 = 'http://' . $cleanurl;

$displayurl = parse_url($site1, PHP_URL_HOST);

function isURL($url1 = NULL) {
        if($url1==NULL) return false;

        $protocol = '(http://|https://)';
        $allowed = '[-a-z0-9]{1,63}';

        $regex = "^". $protocol . // must include the protocol
                         '(' . $allowed . '\.)'. // 1 or several sub domains with a max of 63 chars
                         '[a-z]' . '{2,6}'; // followed by a TLD
        if(eregi($regex, $url1)==true) return true;
        else return false;
}



if(isURL($site1)==true)
 mysql_query("INSERT INTO submission VALUES (NULL, '$uid', '$title', '$cleanurl', '$displayurl', NULL)");
else
 echo "<p class=\"topicu\">Not a valid URL.</p>\n";

} else {
    show_loginform();
}

if (!isLoggedIn())
{
    if (isset($_POST['cmdlogin']))
    {
        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {
        show_loginform();
    }

} else
{
    show_userbox();
}

require_once "footer.php";

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It looks fine to me, but Echo the value of the passed url at several points to see where the code is failing.

    Edit try making $cleanurl = mysql_real_escape_string($cleanurl);

    $cleanurl = mysql_real_escape_string(trim($cleanurl));

    • 0