son Posted October 24, 2011 Share Posted October 24, 2011 Hi guys,I have been agonising about this for some time and would like to ask for advice. There is a large amount of samples to check for right pattern of web addresses and I am not sure how far I have to go... I simply want to make sure that the right syntax is used. If user forget http:// and/or www I am not so bothered. What do you guys usually do? Also, I learned never to make password fields stickly, but have come across stickly ones here and there. Am I too protective and should change my ways? Thanks,Son Link to comment Share on other sites More sharing options...
Ingolme Posted October 24, 2011 Share Posted October 24, 2011 Usually, if I need a URL, I put http:// outside the box so that users know that they don't need to put it: <label><span>URL: http:// <input type="text" name="url"></label> What do you mean by "stickly"? Link to comment Share on other sites More sharing options...
son Posted October 24, 2011 Author Share Posted October 24, 2011 Do you not validate at all for the rest of URL? As for 'stickly': I mean sticky. Sorry for spelling mistake. When user sumits form and one or several entries need to be entered/changed the rest does not need to be entered any more... Son Link to comment Share on other sites More sharing options...
Ingolme Posted October 24, 2011 Share Posted October 24, 2011 You can just test for http:// at the beginning of a URL and remove it. // If the URL begins with http:// then remove itif(strpos($url, 'http://') === 0) { $url = substr($url, 7); // Cut off the first seven characters} Link to comment Share on other sites More sharing options...
son Posted October 24, 2011 Author Share Posted October 24, 2011 I take it you do not check for anything else (like characters that are not allowed in domain and/or web pages etc)? Son Link to comment Share on other sites More sharing options...
Ingolme Posted October 24, 2011 Share Posted October 24, 2011 Well, not usually. If they make the link wrong on their profile it's their problem. I do encode the URL before using it on the page, but that happens when I take it out of the database.There's a chance of injection with "javascript: " but if you automatically append http:// before it that can't happen. Link to comment Share on other sites More sharing options...
son Posted October 25, 2011 Author Share Posted October 25, 2011 Thanks for your input:-) Will use a similar approach... Son Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.