phpisnotfordummies Posted February 28, 2007

Hello!

I'm using the following code to "sanitize" form input.

function sanitize($interim) {
    $interim = stripslashes(trim($interim));
    $interim = substr($interim, 0, 50);
    $interim = htmlentities($interim);
    $interim = nl2br($interim);
    $interim = addslashes($interim);
    return $interim;
}

$name = sanitize($_POST['name']);

However, when I input \, it returns \\, and so on (the script doubles the backslash input).

Also, if I input text in Cyrillic (and possibly other non-latin alphabets), the function returns gibberish. For instance, entering "Мир" returns "Ð�иÑ�". Before adding the "sanitize" function the script handled those characters well.

What can I do to correct these two issues?

Thank you
Tony

Orio Posted February 28, 2007

1) Use htmlspecialchars() instead of htmlentities(). This would probably solve the Cyrillic characters issue.
2) Remove the addslashes() in the end if you don't want backslashes or quotes to be escaped (with a backslash).
3) Use stripslashes() only if magic_quotes is set.

Your function should look like this imo:

<?php
function sanitize($interim) {
    // Strip slashes only when magic_quotes_gpc has added them
    $interim = (get_magic_quotes_gpc()) ? trim(stripslashes($interim)) : trim($interim);
    // Keep the first 50 bytes
    $interim = substr($interim, 0, 50);
    // Escape only the HTML special characters (&, <, >, ")
    $interim = htmlspecialchars($interim);
    // Turn newlines into <br /> for HTML display
    $interim = nl2br($interim);
    return $interim;
}
?>

Orio.

phpisnotfordummies Posted February 28, 2007

OK, perfect, you're great!

The script mails the form submission. So I guess then I will have to html format it, so that the special characters (like &) come up?

Thanks

Orio Posted February 28, 2007

That's one option. If you want to send it as a regular mail, remove the nl2br() part and htmlspecialchars(). This way, if you send it as plain text, the html will have no effect so it will be ok.

Also, are you sure you want to use the substr() part? Why do you want only the 50 first characters?

Orio.
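
An added example, not code from any post in this thread: it keeps the submitted value unescaped, caps its length by characters rather than bytes, and applies HTML encoding only where the value is written into HTML, leaving the plain-text mail body unencoded. The function names and sample input are constructed for illustration; UTF-8 form input and the mbstring extension are assumed.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
// Assumes UTF-8 form input and the mbstring extension.

// Normalise once on input: trim and cap the length in characters.
// substr() counts bytes, so it can cut a multi-byte character in half.
function clean_input(string $raw, int $maxChars = 50): string
{
    return mb_substr(trim($raw), 0, $maxChars, 'UTF-8');
}

// Encode for HTML only when writing into an HTML page or HTML mail body.
// ENT_QUOTES also covers attribute values; ENT_SUBSTITUTE replaces invalid
// byte sequences with U+FFFD instead of returning an empty string.
function for_html(string $value): string
{
    return nl2br(htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed sample input standing in for $_POST['name'].
$raw  = "  Мир & <b>Tony</b> \\ \"quoted\"\nsecond line  ";
$name = clean_input($raw);

// Plain-text mail body: the cleaned value goes in unchanged, no entities.
$plainBody = "Name: " . $name . "\r\n";

// HTML mail body or web page: encode at the point of output.
$htmlBody = "<p>Name: " . for_html($name) . "</p>";

// The Cyrillic problem reproduced on the same input: reading UTF-8 bytes
// as ISO-8859-1 turns each two-byte letter into unrelated entities and
// stray control bytes.
$mojibake = htmlentities($name, ENT_QUOTES, 'ISO-8859-1');

// Byte-based truncation can end in half a character; mb_check_encoding()
// reports whether the result is still valid UTF-8.
$long    = 'A' . str_repeat('Мир', 20);   // 61 characters, 121 bytes
$byteCut = substr($long, 0, 50);          // 1 ASCII byte + 49 bytes: ends mid-character
$charCut = clean_input($long);            // 50 whole characters

echo $plainBody, $htmlBody, "\n", $mojibake, "\n";
var_dump(mb_check_encoding($byteCut, 'UTF-8'), mb_check_encoding($charCut, 'UTF-8'));
```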
This topic is now archived and is closed to further replies.