deerly Posted March 27, 2009
Hello! I am currently working on a project that is unable to use the handy-dandy filter_var functions because it is using an older version of PHP5. Obviously I still want to filter the input, but I don't want to make things slow with a complicated regular expression if I don't have to. This is actually something that's always confused me: how would you want to go about filtering a block of text that should be able to use punctuation, including single and double quotes? Would strip_tags be a good enough filter for a title and a block of message text to be safe but still allow the user to freely use punctuation, or is this too easily exploited? Thanks for any ideas and insight that I am missing!
genericnumber1 Posted March 27, 2009
htmlentities is one of my favorites.
deerly Posted March 27, 2009
??? Isn't that something you would use to escape output? At least that was my impression. I'm just trying to filter the input. Sorry if I am confused!
genericnumber1 Posted March 27, 2009
If by filter you mean strip things you don't like, then yes, it doesn't filter. I typically avoid doing such a thing on input that doesn't need to meet specific restrictions. For instance, I will be specific about characters in a username, password, etc., but I wouldn't filter a user's post to his blog. Sometimes people like to use things that could qualify as "scary" to an algorithm; for instance, mathematical inequalities (5 > 4 > 3) could scare some HTML-stripping algorithms. I don't expect my users to know HTML, so I don't expect them to know how to avoid posting strings that look like HTML. If they want to post something like...

<a href="candy.jpg"></a>

Sure, I'll let them do it, but it's also sure as hell going to end up being...

&lt;a href=&quot;candy.jpg&quot;&gt;&lt;/a&gt;

...once it is sent to other users.
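The approach described in the thread, as an added PHP example that is not code from any of the posters: validate only the fields that have a defined shape (a username), store free text unchanged apart from a length limit, and escape at the point of output with htmlspecialchars. The example also runs strip_tags over the same text to show what filtering on input would have destroyed. The function names, the sample $post array and the UTF-8 page encoding are assumptions for illustration; htmlspecialchars with ENT_QUOTES and an explicit charset works on the PHP 5 releases that predate filter_var.

```php
<?php
// Added example, not from the thread: validate fields with a known format,
// keep free text as typed, and escape at output instead of on input.

// Strict validation for a field with a defined shape. Returns the value
// unchanged or false; nothing is silently stripped, so the caller can
// reject the request instead of storing a mangled name. (Assumed policy.)
function validate_username($name)
{
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) ? $name : false;
}

// Free text is data, not markup: enforce only a length limit. "5 > 4 > 3"
// and '<a href="candy.jpg"></a>' are legitimate content and must survive.
function validate_message($text, $max = 4000)
{
    if (!is_string($text) || strlen($text) > $max) {
        return false;
    }
    return $text;
}

// Escape for an HTML text node or a double-quoted attribute value.
// ENT_QUOTES converts both ' and "; the charset must match the page's
// declared encoding (assumed UTF-8 here) or the conversion can be bypassed.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = array(
    'user'  => 'deerly',
    'title' => "Isn't 5 > 4 > 3 \"obvious\"?",
    'body'  => '<a href="candy.jpg"></a> and a <script>alert(1)</script>',
);

$user  = validate_username($post['user']);
$title = validate_message($post['title'], 200);
$body  = validate_message($post['body']);

if ($user === false || $title === false || $body === false) {
    die('invalid input');
}

// For comparison, what strip_tags on input does to the same text: the tags
// are gone for good, and because strip_tags does not parse HTML it can also
// swallow ordinary text that follows a stray "<" (see the second call).
echo "strip_tags: ", strip_tags($body), "\n";
echo "strip_tags: ", strip_tags('true if a<b and b<c'), "\n";

// Escaping on output: every byte the user typed is kept in storage and the
// browser renders it as text rather than as markup.
echo '<h2>', h($title), '</h2>', "\n";
echo '<p data-user="', h($user), '">', h($body), '</p>', "\n";
```

h() is only correct for HTML text and attribute contexts; a value written into a JavaScript block, a URL, or an SQL query needs the escaping for that context, which is the reason to escape at output, where the context is known, rather than once on input.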