phat_hip_prog Posted September 10, 2007 Share Posted September 10, 2007 Heyho! When validating user input I check it's not empty and then run 'mysql_real_escape_string($s)', I was then going to make sure that it is only alphanumeric, but I wanted to allow certain other characters as well. Realising this must be done before the mysql escape check, what characters should be blocked because they are dangerous, I can only really think of quotes and $. The real escape check should handle the quotes issue, so is the $ an issue or not? :-\ Link to comment https://forums.phpfreaks.com/topic/68695-form-field-validation/ Share on other sites More sharing options...
Ninjakreborn Posted September 10, 2007 Share Posted September 10, 2007 Regular Expressions. Link to comment https://forums.phpfreaks.com/topic/68695-form-field-validation/#findComment-345324 Share on other sites More sharing options...
phat_hip_prog Posted September 10, 2007 Author Share Posted September 10, 2007 How do you mean, yes to remove undesirables i'd use preg_replace(), but are you saying some form of regex could be evaluated just by being in there??? Surely not? There are two points where input is evaluated, well one really and that's input by admin only... Please clarify and example if this is what you meant? Link to comment https://forums.phpfreaks.com/topic/68695-form-field-validation/#findComment-345342 Share on other sites More sharing options...
Daniel0 Posted September 10, 2007 Share Posted September 10, 2007 so is the $ an issue or not? :-\ Not. mysql_real_escape_string() will take care of all "dangerous" characters for queries. Link to comment https://forums.phpfreaks.com/topic/68695-form-field-validation/#findComment-345346 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.