Thread: what kind of regexp to use
Oct 6, 2004, 09:50 #1
what kind of regexp to use
I have a form where the user can type a comment/message and request it to be posted on the website. What characters should I allow and disallow? The genuine user might use characters like < > @ () etc. in the message, and I don't want them to get a message asking them to remove the characters, but at the same time I don't want to allow an SQL injection string.
Please suggest a regexp to use for this example since the comment can be really long and I'm not sure how to check the entire comment for illegal characters.
Lastly, it might be a good idea to remove the illegal characters or change them to something that would be harmless (such as using the htmlspecialchars() function) instead of prompting them to remove the illegal characters. How can I use regexps to do that? Right now all I can do with regexps is to check if a character has any illegal characters and perform an action based on the result, but I don't know how to remove the illegal chars.
Sorry for such a long post.
Oct 8, 2004, 13:37 #2
I wouldn't worry about removing them at all. Just use functions like htmlspecialchars to convert them to displayable HTML and addslashes to avoid SQL injections.
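
An added example, not part of either post: the comment is stored unmodified and escaped with htmlspecialchars() only when displayed, as the reply suggests, while the database side uses PDO bound parameters in place of addslashes. The in-memory SQLite database, the `comments` table, the function names and the sample comment are assumptions made for illustration.

```php
<?php
// Constructed sample comment using the characters the question mentions,
// plus quotes and SQL-looking text that must survive as plain data.
$comment = "Thanks <b>admin</b> @ (site): it's 5 > 3, isn't it? '; --";

// Assumption: in-memory SQLite (pdo_sqlite) stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Validate size and emptiness only; no character blacklist, no regexp.
function validate_comment(string $text, int $maxBytes = 5000): bool
{
    return trim($text) !== '' && strlen($text) <= $maxBytes;
}

// The value travels as a bound parameter, so quotes in the comment are
// never parsed as part of the SQL statement.
function save_comment(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

// Escape at output time: < > & " ' become entities, so the browser shows
// the characters the user typed instead of interpreting them as markup.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return ''; // no such comment
    }
    return '<p>' . nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8')) . '</p>';
}

if (validate_comment($comment)) {
    $id = save_comment($db, $comment);
    echo render_comment($db, $id), "\n";
}
```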