[SOLVED] How to strip characters

[peranha]

How do you strip special characters from a username, password, other input.

 

here is the code that I currently have, but it doesnt strip ">

$username = empty($_POST['username']) ? die ("<b class=red>Enter A User Name</b>") : mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));

 

You can register with ">name, and it will let you just fine.

[deansatch]

strip_tags() won't work because > is not a tag but <> is.

 

Not too sure if this would be the best way but it will work:

$tags =  array("<", ">");
$username = str_replace($tags, "", $_POST['username'] );

[peranha]

yes, i know what > is not a tag, but i was woundering how to get rid of a single instance, and how to get rid of " as well.

 

I tried your code, but it doesnt seem to work.

 

// Tags to strip for input.
$tags = array("<", ">");

// username to strip tags from.
$username = str_replace($tags, "", $_POST['username'] );

 

Here is what I input "> asdaf

 

Here is what I get from the output.

 

Here is the username you requested : \"> asdaf

 

Not sure where the \ is coming from either.

[deansatch]

You will have to post a bigger portion of your code as it is now. If you are using htmlspecialchars before the str_replace it won't work. Also it seems you are using addslashes.

To get rid of " you can add it to your array

 

$tags = array('<', '>','"');

[peranha]

I got it to work, I didnt realize i was defining $username further down the page.  thanks for the help, it works great.