ravix76 Posted May 12, 2007

Anyone got pointers to tutorials for checking large chunks of text? I'm fine with the preg_replace command on smaller items (e.g. checking IDs are numbers only etc.) but my website requires product manufacturers to cut and paste large chunks of text into an uploadable form. I want to check this (SQL injection) before inserting it into the SQL database, but I'm running into probs with text containing " and `. Here's where I'm at... gotta be an easier way?

    $pattern="/[^A-Za-z0-9\-\%\.\,\!\(\)\[\]\{\}\:\;\'\"\$\/\^\&\<\>\?\@\_\+\=\ \ ]/"; // Pattern to validate against
    if (preg_match($pattern, $producttext)) {
        exit ("Error: Invalid Characters Found In Product Text"); // Stop Script
    }

I believe my server / host has MagicQuotes turned on (if it matters).

effigy Posted May 13, 2007

If your only concern is SQL injection, simply run the string through mysql_real_escape_string (assuming that you're using MySQL). Otherwise, you need to define your other concerns: do you need to worry about HTML tagging? What about XSS? Are you expecting certain formats within the data?
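
An added example, not code from either poster: the same separation of concerns shown with PDO bound parameters instead of mysql_real_escape_string, since the mysql extension that provided that function was removed in PHP 7.0. The table, column, function names and the sample text are hypothetical, and an in-memory SQLite database (pdo_sqlite assumed to be installed) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. With MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT)');

// Constructed sample of pasted manufacturer text: double quotes, a backtick,
// an apostrophe, a backslash, markup, and a fragment that looks like SQL.
$producttext = <<<'TXT'
The "Pro" model's 3/4` fitting is rated 100% <b>waterproof</b> (see C:\docs).
'); DELETE FROM products; --
TXT;

// SQL injection concern: the text travels as a bound parameter, so it is
// never parsed as part of the statement and needs no character whitelist.
function storeProductText(PDO $pdo, $text)
{
    $stmt = $pdo->prepare('INSERT INTO products (description) VALUES (:description)');
    $stmt->execute(array(':description' => $text));
    return (int) $pdo->lastInsertId();
}

function loadProductText(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT description FROM products WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return (string) $stmt->fetchColumn();
}

// HTML/XSS concern: handled separately, at output time, by encoding the
// stored text for the HTML context it is printed into.
function renderProductText($text)
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

$id     = storeProductText($pdo, $producttext);
$stored = loadProductText($pdo, $id);
$rows   = (int) $pdo->query('SELECT COUNT(*) FROM products')->fetchColumn();

// The text round-trips byte for byte and the table still holds its one row.
var_dump($stored === $producttext, $rows === 1);
echo renderProductText($stored), "\n";
```

On a server with magic quotes enabled, the backslashes it adds would be stored as part of the text unless they are removed with stripslashes before binding.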