Safe charaters question

[dan_t]

Hi Guys,

I've got a function for making input safe. One takes from a textarea on a form.

The problem is when someone types a few paragraphs in it, using regular sentence stuff like ( ' , . () ? ) it kicks it out and gives them my error message.

How can I keep out the unsafe stuff, but still allow someone to "speak their mind"? Something like a preg_replace maybe?

If so, how can I add it on to my other function?

Thanks

Dan

[kenrbnsn]

Can you post the code you're currently using?

 

Ken

[dan_t]

function safe_mode($string)
{
$string = strip_tags($string);
$string = stripcslashes($string);
$string = trim($string);
$string = htmlentities($string);
$string = htmlspecialchars($string);

return $string;
}




$userId = safe_mode($_POST['userId']);

 

What part of this would kick out the charaters?

 

The other parts just a standard textarea, it works unless you put in a " ' " that's what kicked out on me. just the '

[dan_t]

Sorry that last line had userId it is the wrong line.

The correct line is:

$about = nl2br(safe_mode($_POST['about_me']));

 

Sorry about that.

 

Just a simple word like "that's" seems to make it error.

I'm I better of cutting down on some of the  function? Like is htmlspecialchars and htmlentities overkill?

[kenrbnsn]

I just tried your function with this quick test:

<?php
function safe_mode($string)
{
$string = strip_tags($string);
$string = stripcslashes($string);
$string = trim($string);
$string = htmlentities($string);
$string = htmlspecialchars($string);

return $string;
}
echo nl2br(safe_mode("that's"));
?>

and there was no problem. Perhaps your problem is somewhere else in your code.

 

Ken