i'm trying to strip out tags from form input so that i don't have problems later on with backslashes and quotation marks and semi-colons and stuff, but i can't seem to get it to work.
i've used strip_tags, stripslashes and even stripcslashes. but everytime i purposly add backslashes or less/greater than chars, or +, =, and even (, ), the string gets passed through to the next part of the script.
maybe i'm just not putting the statement in the right place. where should it go? before or after any other error-checking? etc.....
i'm using this:
i'd like to use it to strip unwanted tags from the whole form, but i.... ..don't.. .....know.. ...hoooowww...
$uname = strip_tags ( $uname );
should i just use somthing like this instead?
ohh, i need some sleep.......
$uname = ereg_replace('<([^>]|\n)*>', '', $uname);
help, my brain is melting.
Seems like you checked this page out: http://www.php.net/manual/en/function.strip-tags.php
Anyway, check your PHP version and see the first comment on that page. :)
i got PHP Version 4.0RC1
what's that get me?
tell me you know, pleeeaaaase.
if you dont want issues with backslashes and quotes.. why are you using strip_tags or html_strip_tags.. those get rid of html tags in the form of <tag> ...
a better option is to run the variables through add_slashes() .. so if they input a " .. it turns it into a \" .. so it wouldnt interfere with your code and work work like a standard string
have fun coding!
that's a good point. and the reason that i don't use add_slashes() is bec i didn't know i could use it. i guess my main concern is getting rid of all non-alphanumeric chatacters. the info being entered into the form is username and password and the like so i don't really want usernames like this "123/=0)\\". do you know what i mean?
can you tell me anything about my php version though? it's got me curious now.
well, php 4.0RC1 is quite old... nothing too special about it :)
if you want to lose all non-alphanumeric characters, use ereg() ... regular expressions might be a little confusing
if(!eregi("^([[:alnum:]_-])$",$username)) echo "your username is incorrect";
// create user