0

In facebook comment section when i type alt+0173 and press enter it submit my comment as empty comment and i want to avoid this in my website I use the following code.

if ($react == ''){
  #do nothing
} else {
  #insert data
}

but it didn't work and insert the data with letter "A" with two dots on the top see the below image. when i copy and past it shows as "­".

enter image description here

I also try the following code but it also didn't work.

if ($react == '' || $react == '­'){
  #do noting
} else {
  #insert data
}
saqib kifayat
  • 136
  • 2
  • 14

2 Answers2

0

I didn't verify but i think this is your solution:

alt+0173 is ascii char 173 and called Soft hyphen. This is sometimes used to go past security scripts as you see no space but there is a char. So you can use a blocked word like bloc+173 char+ked is shown on screen as blocked but sometimes is is not picked up by the security script.

The following line prevents use of this character by removing it(it has no good use anyways). Put it before your if/else lines.

$string = str_replace(chr(173), "", $string);

in your case:

$react = str_replace(chr(173), "", $react);

So in your case if the string only contains the alt+0173 char the string should now be empty.

Update: But...

In your case there is something strange happening, you say your input is alt+0173 but you get an Ä which is chr(142). Even stranger, when i asked to revert the character string to an ascii char with ord($react); you got chr(97) which is a lowercase 'a'.

As you stated you use ajax, but my knowledge of ajax is minimal so i can't help you there but maybe someone can so i hope i clarified the case a bit.

But my best guess is that something changes the value of $react when in comes from the form to the php script and you should look there.

Firewizz
  • 773
  • 5
  • 17
  • its still not working if ($react == '' || $react == ' ' || $react == chr(0173)){ } else { $reaction = "INSERT INTO `cmnts` (`cmt_by`, `cmt_to`, `cmt`) VALUES ('$logedinuser', '$react_to', '$react')"; $insert_react = mysqli_query($conn, $reaction); } – saqib kifayat Feb 18 '16 at 16:41
  • and it is chr(173) not chr(0173) my bad. but you can trace the char using `echo "Charcode:" . ord($react);` this returns the char index source: http://php.net/manual/en/function.ord.php – Firewizz Feb 18 '16 at 16:44
  • still not getting any solution – saqib kifayat Feb 18 '16 at 17:00
  • what is you're output if you paste `echo "Charcode:" . ord($react);` on the page? what char code do you get? should return 173 – Firewizz Feb 18 '16 at 17:01
  • Ok and what about this before the `if` statement `$react = str_replace(chr(173), "", $react);` – Firewizz Feb 18 '16 at 17:05
  • Shouldnt be that difficult.. :( – Firewizz Feb 18 '16 at 17:06
  • Then filter on 'chr(97)' – Firewizz Feb 18 '16 at 17:08
  • not working if ($react == chr(97)){ } else { $reaction = "INSERT INTO `cmnts` (`cmt_by`, `cmt_to`, `cmt`) VALUES ('$logedinuser', '$react_to', '$react')"; $insert_react = mysqli_query($conn, $reaction); } – saqib kifayat Feb 18 '16 at 17:10
  • is their any javascript way to do this as i am using ajax – saqib kifayat Feb 18 '16 at 17:13
  • Sorry i cant help you with ajax, i am a php programmer. – Firewizz Feb 18 '16 at 17:14
  • ok thanks for your time. I think i should leave it as it is for now and i will continue to solve this solution tomorrow and will post it here after i get the solution. – saqib kifayat Feb 18 '16 at 17:16
  • 1
    But char 97 is very strange since it is a lowecase a according to the ascii chart. But if you reverse the string value with 'ord()' you should catch it with 'chr()' so i am really confused in what is happening there, and when intest it locally there is no problem. But stil would use the '$react = str_replace(chr(173), "", $react)' tho to filter out the minispace char – Firewizz Feb 18 '16 at 17:20
0

This method helped me to solve the answer.

source: Remove alt-codes from string 

  $unwanted_array = array( 'Ä'=>'A' );
  $react = strtr( $react, $unwanted_array );

  $newreact = preg_replace("/[^A-Za-z]+/i", " ", $react); 


  if ($newreact == "" || $newreact == " "){
    #do nothing
  } else {
    #insert data
  }
Community
  • 1
  • 1
saqib kifayat
  • 136
  • 2
  • 14