ShoeLace1291 Posted June 28, 2007 Share Posted June 28, 2007 I was wondering how I would be able to keep users from putting certain characters such as <,>,\,/?, etc in text inputs in forms? Quote Link to comment Share on other sites More sharing options...
teng84 Posted June 28, 2007 Share Posted June 28, 2007 if(ereg('(\<(/?[^\>]+)\>)',$string)) { action here } i think its something like that Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted June 28, 2007 Share Posted June 28, 2007 i think you could use htmlentities or one of those functions. http://au.php.net/manual/en/function.htmlentities.php that allows them to enter them but it makes them non-html... Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted June 28, 2007 Author Share Posted June 28, 2007 So if I used htmlentities($_POST['username']); what would that do? Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted June 28, 2007 Share Posted June 28, 2007 did you read the manual? lol... that would help... taken from manual: $str = "A 'quote' is <b>bold</b>"; // Outputs: A 'quote' is <b>bold</b> echo htmlentities($str); // Outputs: A 'quote' is <b>bold</b> echo htmlentities($str, ENT_QUOTES); ?> basically. it would appear as it as written. so if you were to write a link, it would appear as the html and not as the link. i think that makes sense. lol. the < b > tags would appear as that on the screen. so they wouldnt work in making the text bold. Quote Link to comment Share on other sites More sharing options...
teng84 Posted June 28, 2007 Share Posted June 28, 2007 if(ereg('[\<+|\>+|\\+|\/+|\?]',$string)) { echo 'mali'; } that wont accepr ?<>/\ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.