Mutley Posted April 14, 2007 Share Posted April 14, 2007 I want to stop people inserting characters into forms (such as !"£$%^&*()><?.,). What's the best way of doing this? Can I stop them from doing it to return a message, or is it better to just wipe the characters before inserting into a database, or both? The only symbols I need is for an e-mail field, which are . - @ otherwise it's just numbers 0-9 and letters A-Z. I found a script to disable input but it doesn't stop people from finding other ways of inputting bad characters. Assistance would be appreciated, thanks. Link to comment https://forums.phpfreaks.com/topic/47038-cleaning-forms/ Share on other sites More sharing options...
paul2463 Posted April 14, 2007 Share Posted April 14, 2007 you could use a function that checks all characters onChange() function badChar() { var textstr = document.getElementById("inputText").value; preg_match it for bad characters if (bad characters found) { alert ("dont enter bad characters and try again"); document.getElementById("inputText").value=""; } } Link to comment https://forums.phpfreaks.com/topic/47038-cleaning-forms/#findComment-229388 Share on other sites More sharing options...
Mutley Posted April 14, 2007 Author Share Posted April 14, 2007 I'd prefer to echo the error, just I don't know how to scan for bad characters in the first place. Link to comment https://forums.phpfreaks.com/topic/47038-cleaning-forms/#findComment-229396 Share on other sites More sharing options...
paul2463 Posted April 14, 2007 Share Posted April 14, 2007 have a look <a href="http://forums.invisionpower.com/lofiversion/index.php/t191442.html"> Here </a> it may help you with what you want Link to comment https://forums.phpfreaks.com/topic/47038-cleaning-forms/#findComment-229401 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.