I have a guest book , and I want to make sure that those people who sign the guest book can't impersonate a member of the web site. the code below checks the input string, which is the guestbook signer's name, against a list of defined web site members. Is there any way to circumvent the code as I've written it?
function validateGuestbookSigner($valToEval,&$errorArray){ echo "Value: $valToEval<BR>"; $valToEval=preg_replace("/[^A-Za-z0-9]/","",$valToEval); echo "Value after stripping all nonessential debris: $valToEval<BR>"; //obtain the list of names to test against $names=getGuestBookNames(); //iterate through each person in the list foreach($names as $name){ //explode to get first and last name $namePieces=explode(",",$name); //look for the last name,case insensitive if(preg_match("/" . $namePieces[0] . "/i", $valToEval)){ $errorArray[]="The last name that it matched is: $namePieces[0]"; $errorArray[]="Please consult the Guestbook Rules for a list of names of those people in the band or are affilliated with the web site "; $errorArray[]="Part of the guestbook signer's name matches a last name that cannot be used"; return false; } //look for the first name,case insensitive //(the name might just be Webmaster, so make sure // to check if first name exists at all) if(count($namePieces)>1){ if(preg_match("/" . $namePieces[1] . "/i", $valToEval)){ $errorArray[]="The first name that it matched is: $namePieces[1]"; $errorArray[]="Please consult the Guestbook rules for a list of names of those people in the band or are affilliated with the web s ite"; $errorArray[]="Part of the guestbook signer's name matches a last name that cannot be used"; return false; } } } return true; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php