  1. #1
    FBI secret agent digitman's Avatar
    Join Date
    Sep 2004
    Location
    Work
    Posts
    697

    what kind of regexp to use

    Hi.
    I have a form where the user can type a comment/message and request it to be posted on the website. What characters should I allow and disallow? The genuine user might use characters like < > @ () etc. in the message, and I don't want them to get a message asking them to remove the characters, but at the same time I don't want to allow an SQL injection string.

    Please suggest a regexp to use for this example, since the comment can be really long and I'm not sure how to check the entire comment for illegal characters.

    Lastly, it might be a good idea to remove the illegal characters or change them to something that would be harmless (such as using the htmlspecialchars() function) instead of prompting them to remove the illegal characters. How can I use regexps to do that? Right now all I can do with regexps is to check if a character has any illegal characters and perform an action based on the result, but don't know how to remove the illegal chars.

    Sorry for such a long post

  2. #2
    SitePoint Guru
    Join Date
    Jul 2004
    Location
    Raleigh, NC
    Posts
    783
    I wouldn't worry about removing them at all. Just use functions like htmlspecialchars to convert them to displayable HTML and addslashes to avoid SQL injections.
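
The keep-the-characters approach from this thread, as an added example that is not part of either post: the comment is stored unchanged and htmlspecialchars() is applied only when it is printed. For the SQL side this example uses a PDO bound parameter in place of the addslashes() call mentioned above. Assumptions: PHP with the pdo_sqlite extension; the table, the function names and the length limit are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

const MAX_COMMENT_BYTES = 5000; // hypothetical limit, not from the thread

function save_comment(PDO $db, string $body): int
{
    // Validate size, not individual characters: < > @ ( ) ' " are all legitimate.
    if (trim($body) === '' || strlen($body) > MAX_COMMENT_BYTES) {
        throw new InvalidArgumentException('Comment is empty or too long');
    }
    // Bound parameter: the text travels as data and is never spliced into the SQL.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException('No such comment');
    }
    // Escape at output time, for the HTML context the text is printed into.
    $safe = htmlspecialchars((string) $body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . nl2br($safe) . '</p>';
}

// Constructed sample input using the characters the question mentions.
$sample = "Mail me @ <bob@example.com> (it's urgent); see the \"FAQ\" -- thanks";
$id = save_comment($db, $sample);
echo render_comment($db, $id), PHP_EOL;
```

The stored row holds the comment exactly as typed, so the same text can later be escaped differently for another output context such as JSON or plain-text e-mail.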

