Tom10
Posted April 8, 2015

Hi, OK so basically I have a forum and want to use a character class to detect if someone is trying to post a thread with a malicious title or message like XSS. I have already used a regex in the URL to filter characters:

    $url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . '';
    // Deny the request if the URL contains any character outside the allowed set
    if(preg_match("#[^\w\s\b\/\&\?\=\-\.\%\_\[\]]#", $url))
    {
        include 'denied.php';
        exit();
    }

But I'm wondering, how can I do something like this for a page? If that makes sense.

All help very much appreciated. I'm not the best at explaining, so if something doesn't make sense please ask and I will try to explain in more detail.

Psycho
Posted April 8, 2015

You should definitely NOT use RegEx for this. All you need is to use the existing function htmlspecialchars() whenever outputting user defined content to the page. You should also use the ENT_QUOTES flag when using it.
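
The approach from the reply above, as an added example that is not part of either post: the forum text is stored unchanged and encoded with htmlspecialchars() and ENT_QUOTES at output time, and the character class from the question is run over the same titles for comparison. The helper names `rejectedByFilter`, `e` and `renderThread`, the HTML layout and the sample threads are assumptions constructed for this illustration.

```php
<?php
// Added example (not from the thread): escape on output instead of filtering input.

// The character class from the question, applied to post text (hypothetical helper).
function rejectedByFilter(string $text): bool
{
    return preg_match('#[^\w\s\b\/\&\?\=\-\.\%\_\[\]]#', $text) === 1;
}

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 bytes instead of making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer; the stored text is left exactly as the user typed it.
function renderThread(array $thread): string
{
    return sprintf(
        "<article>\n  <h2 title='%s'>%s</h2>\n  <p>%s</p>\n</article>\n",
        e($thread['title']),          // single-quoted attribute value
        e($thread['title']),          // element text
        nl2br(e($thread['message']))  // escape first, then add <br /> tags
    );
}

// Constructed sample posts: a legitimate question and one carrying markup.
$threads = [
    ['title'   => "Why doesn't <b> work in O'Reilly's example?",
     'message' => "Is \$a < \$b && \$c > 0 valid?\nAny ideas?"],
    ['title'   => "x' onmouseover='alert(1)",
     'message' => '<script>alert(1)</script>'],
];

foreach ($threads as $thread) {
    // The filter cannot tell the two apart: both contain ' < or >.
    printf("filter rejects: %s\n", rejectedByFilter($thread['title']) ? 'yes' : 'no');
    echo renderThread($thread);
}
```

The title is placed in a single-quoted attribute here on purpose: that is the context where the ENT_QUOTES flag matters, because without it the apostrophe is not encoded on PHP versions before 8.1.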