Validating "Comment" Box

soccer022483 · February 28, 2006

I have a comment textarea on a form. To validate it i'm going to use php regular expressions. Anyone know a good reg exp to use? Or what characters should I allow/not allow? The only one I was thinking would cause problems is "<" and ">". That would prevent html and php and others. Your comments/suggestions?

AndyB · February 28, 2006

The strip_tags() might do all you need.

soccer022483 · February 28, 2006

That's an interesting idea. But should I alert the user that what they entered in invalid, or just strip the tags without them knowing.

XenoPhage · February 28, 2006

Be careful, however. This strips tags, but does not strip quotes. If you're storing the comment in a database, you could open yourself up to a security problem. I urlencode the strings before storing them in the database, then use the following to display it later (note, I use smarty templates, but this should work for straight php as well) :

// "Fix" the free-form text and assign it to the template
if (get_magic_quotes_gpc()) {
$smarty->assign('impact', stripslashes(urldecode($impact)));
} else {
$smarty->assign('impact', urldecode($impact));
}

XenoPhage

kenrbnsn · February 28, 2006

You don't need to do the urlencode/urldecode routine if you use the [a href=\"http://www.php.net/mysql_real_escape_string\" target=\"_blank\"]mysql_real_escape_string[/a]() function when you put the data into the database.

Ken

Sign In

Validating "Comment" Box

Recommended Posts

soccer022483

Link to comment

Share on other sites

AndyB

Link to comment

Share on other sites

soccer022483

Link to comment

Share on other sites

XenoPhage

Link to comment

Share on other sites

kenrbnsn

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information