block similar character sequence

[WesleyA 0]

I'm looking for a way to block input in a text field occuring more than 5 times. For example

 

aaaaaa

 

is wrong but:

 

A sentence having an input of a happening several times or even more is okay.

 

above sentence has 7 inputs and shouldnt be blocked.

 

What is the solution?

[davej 251]

There is almost certainly a regex solution, but I would just use a simple loop to step though the string.

 

Here is a Javascript version. Php would be similar.

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"/><title>title</title><style>[type=text]{width:600px;}</style><script>window.onerror = function(a,b,c){alert('Javascript Error: '+a+'nURL: '+b+'nLine Number: '+c);return true;}</script><script>'use strict';function init() {document.getElementById('btn1').onclick = process;}function process(){var max = 5;var instr = document.getElementById('in1').value;var dupes = 0;var fail = false;for(var i=1,len=instr.length; i<len ; i++){  if (instr[i]===instr[i-1]){    dupes++;  }else{    dupes=0;  }  if(dupes>max-1){    fail = true;  }}if(!fail){  document.getElementById('out1').innerHTML = instr;}else{  document.getElementById('out1').innerHTML = 'input string failed test';}}//end of functionwindow.onload = init;</script></head><body><input type="text" id="in1"/><input type="button" id="btn1" value="Enter"/><div id="out1"></div></body>    </html>

[Ingolme 1,020]

Just loop through the string. Much better and more efficient than a regex for this case.

 

The logic would be this:

Set counter to zero

Loop through the string

For each letter in the string

- If the letter is the same as before, add 1 to the counter

- If the letter is different than the one before then set the counter to zero

If the counter is greater than five set a flag to indicate that the string is invalid.

[WesleyA 0]

Well I could use Javascript possibly, but I prefer PHP.

 

The reason is that sometimes browsers dont process javascript. I want to avoid that problem. So for me it is either PHP unless there is a waterproof script that tracks down browsers not using javascript.

 

Is there?

[dsonesuk 913]

It would mean using form to submit to itself, retrieve string value, process similar to davej js version, the result would be assigned to varible and then the result echoed out within id="out1" element.

[justsomeguy 1,135]

This regular expression will match any character repeated 5 times:/(.)1{5,}/

[davej 251]

I'm looking for a way to block input in a text field occurring more than 5 times.

 

What is this input? What are you going to do with this input? Validation of user inputs is commonly done both in Javascript for speedy response and then again in Php for security.

[WesleyA 0]

This regular expression will match any character repeated 5 times:/(.)1{5,}/

 

I liked this posting

[WesleyA 0]

 

What is this input? What are you going to do with this input? Validation of user inputs is commonly done both in Javascript for speedy response and then again in Php for security.

 

The input is a link or a description. My goal is to make it safe first. If I'm ready with the 'network' part the part that is done with PHP and MySQL then I'll do javascript.

 

But one other thing: I figured out programmers also use perl for validation.

 

What is the difference or (dis)advantage of perl validation in relation to php?

[davej 251]

Are you going to store this string in a database?

[WesleyA 0]

Are you going to store this string in a database?

yes.

 

But I have another question about correcting wrong input.

 

If a user types his name like: JohnEastwoodJohnEastwood I would consider it as wrong because it's double and so I would like to stop it by modifying the entire string. Is that possible?

 

I searched for it but coud not find if a string could be used as a modifier.

 

Does anyone know that?

[dsonesuk 913]

You can't allow for every combination, you can filter out attempts to inject code, invalid characters etc but you have to allow proper users to use common sense to check details and fill out a form correctly, and the use of confirmation page and confirm email page, can help to weed out undesirables, but that won't catch all because there are sites where you can create a 10min email (google).

[WesleyA 0]

You can't allow for every combination, you can filter out attempts to inject code, invalid characters etc but you have to allow proper users to use common sense to check details and fill out a form correctly, and the use of confirmation page and confirm email page, can help to weed out undesirables, but that won't catch all because there are sites where you can create a 10min email (google).

 

Yes I think it is not possible to secure something a 100%. But why not try to get as close as possible. But security is now not yet the issue for me as validating is more then just having crappy code in your database. An empty record is also useless even if it is done by accident.

 

I found some code I changed:

    <?php    $string = "namename";    $newstring = str_replace("name", "Foo", $string, $count);       print "$count changes were made.n";     if ($count>1)    {    echo "<br> ". $newstring;}    ?>

But the problem is that if you make a string like this;

    <?php    $string = "Hey name you can type your name in this field. Bye name";    $newstring = str_replace("name", "", $string, $count);       print "$count changes were made.n";     if ($count>1)    {    echo "<br> ". $newstring;}    ?>

This causes the wrong output and I want to have the correct one, is there a solution?

[Ingolme 1,020]

This attempt at filtering, if it even works, will actually block out legitimate users. Some names actually have repeating sequences in them and are valid.

 

The only thing you should try to filter is data that is not good for the system, such as an empty field or attempts at code injection; otherwise you risk losing real clients.

 

If you want to stop robots, try the honeypot technique. This technique involves putting an invisible form field on your page with something generic such as "name" or "email" but making it invisible. If the field is filled in then you know a robot did it, because humans can't see that field.

[davej 251]

How did you come up with the idea that blocking duplicate characters was something you should try to do?