Regex for Comments field

What would be the best Regular Expression to use for a Comments field where I basically want people to be able to add any characters that can be found on an English keyboard?

Also, I’m not sure if I want to restrict certain characters for security reasons (e.g. single or double quotes)?!

Any ideas what is the best way to set up such a field and protect my database from obvious security issues?

Thanks,

Debbie

regular expressions in mysql are used to search for patterns, but cannot be used to replace characters

i suspect what you are asking is related to your other thread, although the standing rule around here is that separate threads are for completely separate topics

so perhaps you might want to re-ask this question in the php forum

from a mysql perspective, there’s no issue here – a MEDIUMTEXT column can accept ~any~ characters on an english keyboard

Also, I’m not sure if I want to restrict certain characters for security reasons (e.g. single or double quotes)?!

You would handle that on the front end. When using MySQL for instance use MYSQL_REAL_ESCAPE_STRING to sanitize the user input.

Sorry, Rudy, my brain wasn’t working - AGAIN!!

Yes, I should have asked in the PHP forum.

Can you move this to the PHP forum for me?

Debbie

sorry, i can’t

hit the little red flag (report post) and ask that it be moved

better yet, merged with your other thread

Done :slight_smile:

I am asking this question from two angles:

1.) It is a pain to have to type out every character on my keyboard, so maybe there is a more efficient way?!

2.) From a security standpoint, maybe I don’t want to allow all characters?

Like should I restrict using quotes or slashes?

Debbie

some ideas –

  • copy/paste from somewhere else
  • voice to text software
  • optical character recognition scan

we’ve been through this (we’ve even tested escaping quotes and slashes)

what you want to restrict depends on your application, but mysql can accept all characters that you choose to send it

Or maybe there is a pre-defined class for what I’m trying to do, wise-guy?!

we’ve been through this (we’ve even tested escaping quotes and slashes)

what you want to restrict depends on your application, but mysql can accept all characters that you choose to send it

I’m asking from a hacker’s perspective, and no, this isn’t my former question.

I don’t know what characters can be used to hack a website or database.

For all I know, you should let people use the characters !@#$

From my understanding, htmlspecialchars or htmlentities will convert HTML markup to Plain-Text so that the markup is displayed as it was typed, but the browser won’t pick it up and try to change the formatting or run a script.

But maybe there are other characters that can let the bad guys do things I wouldn’t normally think of?!

We did discuss how single and double quotes can be an issue in SQL, and how mysqli_real_escape_string can help by escaping single and double quotes.

But, again, that isn’t exactly what I asked here…

Debbie

mysql doesn’t have classes

and there is no need to be rude, i’ve done nothing but try to help you

but that’s it, i’m done

plonk

I never said anything about MySQL having classes.

We’re in the PHP forum…

and there is no need to be rude, i’ve done nothing but try to help you

but that’s it, i’m done

plonk

Why is it that when you are overly sarcastic to me it is okay, but when I return the volley you complain? :rolleyes:

Yes, RegEx does have “classes” but I don’t have the book in front of me that described them, thus I asked here.

I’m sure there is a better approach than your sarcastic suggestion to “copy and paste” and something about “voice recognition software”, was it?

Debbie
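
The three concerns raised in this thread (which characters to accept, quotes in SQL, markup in output) put together as an added example; it is not code from any poster. It assumes PHP with the pdo_sqlite extension, uses an in-memory SQLite table as a stand-in for MySQL, and swaps in prepared statements where the thread mentions mysqli_real_escape_string. The function names, table name and sample comments are constructed.

```php
<?php
// Added example. Table and function names are hypothetical; samples are constructed.
// SQLite in memory stands in for MySQL so the script runs offline (needs pdo_sqlite).

// Printable ASCII (space through tilde) plus tab/CR/LF, 1 to 2000 characters.
const COMMENT_PATTERN = '/\A[\x20-\x7E\t\r\n]{1,2000}\z/';

function isValidComment(string $text): bool
{
    return preg_match(COMMENT_PATTERN, $text) === 1;
}

function saveComment(PDO $db, string $text): int
{
    // Placeholder binding keeps the text as data, quotes and slashes included.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

function renderComment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    // Encode at output time so markup is displayed, not interpreted.
    return nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$samples = [
    "It's \"great\" \\ <b>bold</b> !@#$",   // quotes, slash, markup: all allowed
    "'); DROP TABLE comments; --",          // stored as plain text, not executed
    "caf\xC3\xA9",                          // non-ASCII: rejected by the pattern
];

foreach ($samples as $text) {
    if (!isValidComment($text)) {
        echo "rejected: ", json_encode($text), "\n";
        continue;
    }
    $id = saveComment($db, $text);
    echo "stored #$id, rendered: ", renderComment($db, $id), "\n";
}
```

The character class only decides what the application accepts; the database layer and the output layer each apply their own protection regardless of which characters pass.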