Hi folks,

I have 2 very similar html contact forms on my site that run through PHP and get the results to the staff in an email. I use strip_tags to remove malicious content on each step of the form. Recently, a user sent an email that included some URL's. These are them: tucxzglrnuvx, [link=http://crfaggnuncbg.com/]crfaggnuncbg[/link], http://erlcyxsiregi.com/.

They were clickable links. I really don't want that. How can I remove them or make the result simply text, and not a clickable link? Thanks

Member Avatar

Doesn't the striptags get rid of them? Could it possibly be your email client / webmail automatically applying link tags to a 'naked' url in the text? I think DW automatically places text-only urls into link tags.

If the link tags are reintroduced later on, take off the http:// bit with str_replace(). Replace it with an empty string.

You could also use regular expressions to detect an url. These regexes aren't perfect though.

Check curl. You could use it to check if the url is online.

Edit: @ardav: didn't see your reply. sorry :)

Member Avatar

It's OK k - happens all the time (simultaneous posts). :)

Was going to say, be an idea to echo out the content to a blank page for testing purposes. It should show text-only url.

strip_tags() only works if in the original message the link was input using anchor tags. It will end up outputting plain text. If the user inputs the link without anchor tags, strip_tags() does nothing. But str_replace() works. This is what I did:

if(isset($_POST['submit'])) {

			$domains = array('.com', '.org', '.net', '.gov', '.edu', '.mil', '.int');
			$replacement = array('/*com*', '/*org*', '/*net*', '/*gov*', '/*edu*', '/*mil*', '/*int*');

			$to = "***";
			$subject = "***";
			$name_field = strip_tags($_POST['name']);
			$email_field = strip_tags($_POST['email']);
			$phone_field = strip_tags($_POST['phone']);
			$message = strip_tags($_POST['message']);
			$message = str_replace($domains, $replacement, $message);
			$option = $_POST['radio'];
			$body = "From: $name_field\n E-Mail: $email_field\n Phone: $phone_field\n Option: $option\n Message:\n $message\n";
			mail($to, $subject, $body);

It's not perfect, but I think it's the best I can do. I wasn't sure if I could nest strip_tags and str_replace (I'm sure it can be done, but this works). I tried replacing http with an empty string, but the links still worked. I don't know how, but they did. By replacing the TLD, the links are clickable, but they go nowhere.

Thanks for the help guys. I knew DaniWeb would come through. Just out of curiosity, what would I do with curl to solve the original problem.

Member Avatar

You could try this. Seems to work. However it uses the deprecated ereg_replace as opposed to the preg_replace. I'm a complete numpty when it comes to regex, so I can't help with the conversion. Placing @ at the front will stop the error message (depracated).

$str = "...whatever..."; //this is the message field

$exp = "(https?://)?(www\.)?([a-zA-z0-9\.])*[a-zA-Z0-9]*\.[a-z]{2,3}";
$str = @ereg_replace($exp, 'XXX-URL-XXX', $str);

echo $str;