dan_t Posted May 12, 2010

Hi Guys,

I've got a function for making input safe. One takes from a textarea on a form. The problem is when someone types a few paragraphs in it, using regular sentence stuff like ( ' , . () ? ) it kicks it out and gives them my error message. How can I keep out the unsafe stuff, but still allow someone to "speak their mind"? Something like a preg_replace maybe? If so, how can I add it on to my other function?

Thanks
Dan

kenrbnsn Posted May 12, 2010

Can you post the code you're currently using?

Ken

dan_t Posted May 12, 2010

    function safe_mode($string) {
        $string = strip_tags($string);
        $string = stripcslashes($string);
        $string = trim($string);
        $string = htmlentities($string);
        $string = htmlspecialchars($string);
        return $string;
    }

    $userId = safe_mode($_POST['userId']);

What part of this would kick out the characters? The other part's just a standard textarea; it works unless you put in a " ' ". That's what kicked out on me. Just the '

dan_t Posted May 12, 2010

Sorry, that last line had userId; it is the wrong line. The correct line is:

    $about = nl2br(safe_mode($_POST['about_me']));

Sorry about that. Just a simple word like "that's" seems to make it error. Am I better off cutting down on some of the function? Like is htmlspecialchars and htmlentities overkill?

kenrbnsn Posted May 12, 2010

I just tried your function with this quick test:

    <?php
    function safe_mode($string) {
        $string = strip_tags($string);
        $string = stripcslashes($string);
        $string = trim($string);
        $string = htmlentities($string);
        $string = htmlspecialchars($string);
        return $string;
    }

    echo nl2br(safe_mode("that's"));
    ?>

and there was no problem. Perhaps your problem is somewhere else in your code.

Ken

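Added example, not part of any post in this thread: it runs the safe_mode() function posted above over a few sentences with ordinary punctuation, next to a version that encodes once at output, and reports whether each result would render as typed. The function encode_for_html() and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example; not code from the thread. safe_mode() is copied from the
// post above; encode_for_html() and the sample strings are constructed here.

function safe_mode($string) {
    $string = strip_tags($string);
    $string = stripcslashes($string);
    $string = trim($string);
    $string = htmlentities($string);
    $string = htmlspecialchars($string);
    return $string;
}

// Hypothetical replacement: leave the text as typed and encode exactly once,
// at the point where it is written into HTML.
function encode_for_html($string) {
    $string = trim($string);
    return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed "about me" inputs using ordinary punctuation.
$samples = array(
    "that's",
    'Me & my dog (Rex), "the best" one?',
    'I like maths: 1<2 is true, isn\'t it?',
    'Backup path is C:\new\temp',
);

foreach ($samples as $raw) {
    $old = safe_mode($raw);
    $new = encode_for_html($raw);

    // html_entity_decode() undoes one level of encoding, which is what a
    // browser does when rendering. If the result differs from the input,
    // the visitor will not see what they typed.
    $oldShown = html_entity_decode($old, ENT_QUOTES, 'UTF-8');
    $newShown = html_entity_decode($new, ENT_QUOTES, 'UTF-8');

    echo "input         : ", $raw, "\n";
    echo "safe_mode     : ", $old, "\n";
    echo "  rendered as : ", $oldShown, ($oldShown === $raw ? "  [intact]" : "  [changed]"), "\n";
    echo "encode once   : ", $new, "\n";
    echo "  rendered as : ", $newShown, ($newShown === $raw ? "  [intact]" : "  [changed]"), "\n\n";
}
```

The explicit flags on htmlspecialchars() keep the encode-once result the same across PHP versions, whereas safe_mode() relies on the default flags, which differ between PHP releases.
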
Archived
This topic is now archived and is closed to further replies.