How can I make my text boxes and text areas more secure ?

[Guest upirate]

Pretty much user gets to a page where there are text boxes and text areas.

 

 

Now I understand that I can do a strip_html and possibly take out any malicious input.

 

 

What else can I do ?

 

I do want the user to be able to atleast go to next line and maybe bold the text.   

 

Problem is that when user enters data in the text area, well it doesnt remember the next lines and join all of them together.

 

 

any ideas ?

[MadTechie]

have you tried using nl2br

<?php
echo nl2br("hello\nworld");
?>

hello\nworld 

be comes

hello<br>world

 

 

basically filtering can be a pain if you want to accept some html, i nomally replace

<B> & </B>

with

[b] & [/b]

then replace back

 

so bold will work bit other html statements like will not

[Demonic]

$post = htmlspecialchars(htmlentities(strip_tags(mysql_real_escape_string($_POST['inputname']))));

 

^Pretty decent for security.

[MadTechie]

this is better 

$string = preg_replace("/[^a-zA-Z0-9]/", "", $string);

[Guest upirate]

so use $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);

 

how would I also allow "[" and "]"

 

weount I need that for my "" and ""

 

 

 

 

 

[neel_basu]

You can validate the fields before processing. you just need to modify your HTML.