  1. #1
    SitePoint Zealot
    Join Date
    Nov 2005
    Posts
    117

    block <? and ?> on form submit

    What is the best way to block the following chars in the form submit?

    <? and ?>

    For example, if a user submits
    Name: <? die(); ?>

    it will not display anything, but it will accept the submit...

    I would like to know the best form to block this.

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,804
    strip_tags, htmlentities or htmlspecialchars should sort it out.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    EU/UK+DK
    Posts
    61
    You might want to look into regular expressions for data validation. Check out the php.net section on them, if that's what you're after.

    If all you want to do is make the form value safe for using in your markup after submission, then run it through htmlentities(). If it needs to be escaped for database insertion, use the appropriate DB-specific function (e.g. mysql_real_escape_string() for MySQL).
    The plus sign (+) is valid within an email address; please do not
    write or suggest code that precludes its use, as many use it as a
    "label" to filter incoming mail. </crusade>

  4. #4
    SitePoint Addict GeertDD's Avatar
    Join Date
    Feb 2005
    Location
    Belgium
    Posts
    334
    I recommend htmlspecialchars, but if you really would like to delete it you could use this regex:
    PHP Code:
    // The s modifier lets . match newlines, so tags that span lines are removed too.
    $str = 'some text and <?php code ?> or <? short tags?>';
    echo preg_replace('/<\?.*?\?>/s', '', $str);

  5. #5
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Yeah, htmlspecialchars().

    But another thing: are you writing this data to a file and then using include() on it? You probably shouldn't do that, unless there will be PHP code in the file you want to parse. I have a feeling you don't need the file parsed, in which case you should be using
    echo file_get_contents();
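
Added example, not part of any post in this thread: it runs the stripping regex from post #4 and htmlspecialchars() over the same inputs, then stores a submission in a file and reads it back as data as post #5 suggests. The function names html_out() and strip_php_tags(), the sample inputs and the temp-file location are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encode for an HTML context at the point of output; the stored value stays unmodified.
function html_out(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The stripping regex from post #4, with the s modifier so tags spanning lines match.
function strip_php_tags(string $raw): string
{
    return preg_replace('/<\?.*?\?>/s', '', $raw) ?? '';
}

// Constructed sample submissions (not taken from a real form).
$samples = [
    '<? die(); ?>',               // the value from the question
    "Bob <?php\n echo 1; ?>",     // tag spanning two lines
    '<? die();',                  // opening tag with no closing tag
    '<b>Bob</b> & co',            // ordinary markup, no PHP tags
];

foreach ($samples as $raw) {
    printf(
        "raw:      %s\nstripped: %s\nencoded:  %s\n\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        json_encode(strip_php_tags($raw), JSON_UNESCAPED_SLASHES),
        json_encode(html_out($raw), JSON_UNESCAPED_SLASHES)
    );
}

// Storing submissions in a file: write the raw value, read it back as data.
$path = tempnam(sys_get_temp_dir(), 'form_');   // hypothetical storage location
file_put_contents($path, $samples[0] . PHP_EOL, LOCK_EX);

// file_get_contents() returns the bytes as a string and never runs them as PHP;
// include($path) would pass the same bytes to the PHP parser instead.
echo html_out(file_get_contents($path));

unlink($path);
```

The stripped column shows which inputs the regex leaves untouched (the unterminated tag and the ordinary markup), while the encoded column is inert in HTML for every input.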

