This topic is now archived and is closed to further replies.

soccer022483

Validating "Comment" Box

I have a comment textarea on a form. To validate it I'm going to use PHP regular expressions. Anyone know a good reg exp to use? Or what characters should I allow/not allow? The only ones I was thinking would cause problems are "<" and ">". That would prevent HTML and PHP and others. Your comments/suggestions?

That's an interesting idea. But should I alert the user that what they entered is invalid, or just strip the tags without them knowing?

Be careful, however. This strips tags, but does not strip quotes. If you're storing the comment in a database, you could open yourself up to a security problem. I urlencode the strings before storing them in the database, then use the following to display it later (note, I use Smarty templates, but this should work for straight PHP as well):

// "Fix" the free-form text and assign it to the template
if (get_magic_quotes_gpc()) {
    $smarty->assign('impact', stripslashes(urldecode($impact)));
} else {
    $smarty->assign('impact', urldecode($impact));
}

XenoPhage

You don't need to do the urlencode/urldecode routine if you use the mysql_real_escape_string() function (http://www.php.net/mysql_real_escape_string) when you put the data into the database.

Ken
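
The approach discussed in this thread, as an added example that is not from any of the posters: the comment is checked for length and encoding, stored unchanged through a bound parameter, and escaped only when it is displayed. It uses PDO prepared statements in place of mysql_real_escape_string(), which was removed in PHP 7; the table and column names, the 2000-character limit, and the availability of the pdo_sqlite and mbstring extensions are assumptions.

```php
<?php
// Added example: store the comment as typed, escape it where it is used.
// Table/column names and the 2000-character limit are assumptions.

function validate_comment(string $raw): ?string
{
    $comment = trim($raw);
    // Reject empty, over-long or invalid UTF-8 input rather than silently rewriting it.
    if ($comment === '' || !mb_check_encoding($comment, 'UTF-8')
        || mb_strlen($comment, 'UTF-8') > 2000) {
        return null;
    }
    return $comment;
}

function save_comment(PDO $db, string $comment): int
{
    // Bound parameter: quotes in the comment never become part of the SQL text.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $comment]);
    return (int) $db->lastInsertId();
}

function render_comment(string $comment): string
{
    // Escape at output time so <, >, & and both quote styles are shown as text.
    return nl2br(htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing a tag and both kinds of quotes.
$input = "Nice post! <b>bold</b> O'Reilly said \"hi\"";
$comment = validate_comment($input);
if ($comment === null) {
    exit("Comment rejected\n");   // tell the user instead of altering the text
}
$id = save_comment($db, $comment);

$stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
$stmt->execute([':id' => $id]);
echo render_comment($stmt->fetchColumn()), "\n";
```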
