I have a form validation field for URL field(top level domains are accepted only), the code:
$xdurl=$xdurl; $xdurl=addslashes($xdurl); $myDomainx = parse_url("$xdurl"); $ifdomain = "" . $myDomainx["path"] . ""; if ($ifdomain!='') { $error = $error . 'Only top-level domains are accepted, for example: http://www.test.com (without "/")'; }
This works for me and for many other people, but I don’t know how some users can “by pass” it and still submit like www.test.com/products(ignore the PHP validation check). Someone knows the hack?
Thank you!