User Inputs!


ckrudelux

Hello everyone. I'm trying to make my input fields more safe. So far I have used this htmlspecialchars(); and mysql_real_escape_string(); code. What else can I do to prevent nasty users?


Very interesting, but god damn is that a dense bit of code! I have only just started to look into PHP and it's at once powerfully elegant and dense as rock.

You shouldn't need regular expressions for safety. htmlspecialchars() and mysql_real_escape_string() are enough for strings, and for numbers you only need intval() or floatval() (int is a number without decimals, float is a number with decimals). Regular expressions are used to see if e-mail addresses or phone numbers have the right format, but they don't do anything for security.


Regular expressions actually come from Unix.

Okay.. what symbols to replace I know some but not all of them?
Depends where your data is headed for. For example, if it was intended for a CSV file you might want to remove commas outside strings.

You shouldn't need regular expressions for safety. htmlspecialchars() and mysql_real_escape_string() are enough for strings, and for numbers you only need intval() or floatval() (int is a number without decimals, float is a number with decimals). Regular expressions are used to see if e-mail addresses or phone numbers have the right format, but they don't do anything for security.
Okay... Then I know :)

Archived

This topic is now archived and is closed to further replies.
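
The point made in the replies above, that the handling depends on where the data is headed, shown as an added example that is not code from any poster in this thread. It runs the same constructed input through an HTML sink, a numeric check, a CSV sink and a SQL sink; the function names are made up for illustration, and the SQL part uses a PDO prepared statement on an in-memory SQLite database (assumes the pdo_sqlite extension) in place of mysql_real_escape_string(), which needs a live MySQL connection and belongs to the mysql_* extension that was removed in PHP 7.

```php
<?php
declare(strict_types=1);

// Constructed sample input, shaped like values arriving in $_POST.
$input = [
    'name'    => 'Rob "<b>Bob</b>" O\'Neil, Jr.',
    'age'     => '42abc',
    'comment' => '<script>alert(1)</script>',
];

// HTML sink: escape at output time; ENT_QUOTES also escapes single quotes.
function forHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Numeric input: returns null unless the whole string is an integer.
function strictInt(string $s): ?int {
    $v = filter_var($s, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// CSV sink: fputcsv() quotes fields that contain commas or double quotes.
function forCsv(array $fields): string {
    $fh = fopen('php://memory', 'w+');
    fputcsv($fh, $fields, ',', '"', '\\');
    rewind($fh);
    $line = stream_get_contents($fh);
    fclose($fh);
    return $line;
}

// SQL sink: bound parameters keep the data out of the SQL text entirely,
// so no string escaping function is involved.
function storeAndFetch(string $name, int $age): array {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT, age INTEGER)');
    $stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->execute([':name' => $name, ':age' => $age]);
    return $db->query('SELECT name, age FROM users')->fetchAll(PDO::FETCH_ASSOC);
}

echo forHtml($input['comment']), PHP_EOL;
// intval() keeps the leading digits of "42abc"; strictInt() rejects the string.
var_dump(intval($input['age']), strictInt($input['age']));
echo forCsv([$input['name'], $input['comment']]);
print_r(storeAndFetch($input['name'], intval($input['age'])));
```

The stored name comes back from the database unchanged, which is why the HTML escaping is applied when the value is printed rather than before it is saved.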
