SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Hybrid View

  1. #1
    SitePoint Addict
    Join Date
    Dec 2000
    Location
    BOSTON MA
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'm trying to strip out tags from form input so that i don't have problems later on with backslashes and quotation marks and semi-colons and stuff, but i can't seem to get it to work.
    i've used strip_tags, stripslashes and even stripcslashes. but everytime i purposly add backslashes or less/greater than chars, or +, =, and even (, ), the string gets passed through to the next part of the script.

    maybe i'm just not putting the statement in the right place. where should it go? before or after any other error-checking? etc.....

    i'm using this:
    Code:
    $uname = strip_tags ( $uname );
    i'd like to use it to strip unwanted tags from the whole form, but i.... ..don't.. .....know.. ...hoooowww...

    should i just use somthing like this instead?

    Code:
    $uname = ereg_replace('<([^>]|\n)*>', '', $uname);
    ohh, i need some sleep.......
    help, my brain is melting.
    . . . chris

  2. #2
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Seems like you checked this page out: http://www.php.net/manual/en/function.strip-tags.php

    Anyway, check your PHP version and see the first comment on that page.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  3. #3
    SitePoint Addict
    Join Date
    Dec 2000
    Location
    BOSTON MA
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i got PHP Version 4.0RC1

    what's that get me?
    tell me you know, pleeeaaaase.
    . . . chris

  4. #4
    SitePoint Evangelist
    Join Date
    May 2000
    Location
    Canada
    Posts
    533
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you dont want issues with backslashes and quotes.. why are you using strip_tags or html_strip_tags.. those get rid of html tags in the form of <tag> ...

    a better option is to run the variables through add_slashes() .. so if they input a " .. it turns it into a \" .. so it wouldnt interfere with your code and work work like a standard string

    have fun coding!
    cogito, ergo sum

  5. #5
    SitePoint Addict
    Join Date
    Dec 2000
    Location
    BOSTON MA
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    that's a good point. and the reason that i don't use add_slashes() is bec i didn't know i could use it. i guess my main concern is getting rid of all non-alphanumeric chatacters. the info being entered into the form is username and password and the like so i don't really want usernames like this "123/=0)\\". do you know what i mean?

    can you tell me anything about my php version though? it's got me curious now.

    thanks
    . . . chris

  6. #6
    SitePoint Evangelist
    Join Date
    May 2000
    Location
    Canada
    Posts
    533
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well, php 4.0RC1 is quite old... nothing too special about it

    if you want to lose all non-alphanumeric characters, use ereg() ... regular expressions might be a little confusing

    like this:
    if(!eregi("^([[:alnum:]_-])$",$username)) echo "your username is incorrect";

    else
    {
    // create user
    }
    cogito, ergo sum


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •