ckrudelux Posted April 25, 2009
Hello everyone. I'm trying to make my input fields more safe. So far I have used this htmlspecialchars(); and mysql_real_escape_string(); code. What else can I do to prevent nasty users?

zppblood Posted April 25, 2009
You can use regular expressions.

ckrudelux (Author) Posted April 26, 2009
> You can use regular expressions.
Sorry, but what? Kind of new to PHP.. so what did you just say?

Synook Posted April 26, 2009
http://www.php.net/preg_match

zppblood Posted April 26, 2009
http://www.regular-expressions.info/tutorial.html

ckrudelux (Author) Posted April 26, 2009
> http://www.php.net/preg_match
Okay.. what symbols to replace? I know some but not all of them.

chibineku Posted April 26, 2009
> http://www.regular-expressions.info/tutorial.html
Very interesting, but god damn is that a dense bit of code! I have only just started to look into PHP and it's at once powerfully elegant and dense as rock.

Ingolme Posted April 26, 2009
You shouldn't need regular expressions for safety.
htmlspecialchars() and mysql_real_escape_string() are enough for strings, and for numbers you only need intval() or floatval() (int is a number without decimals, float is a number with decimals).
Regular expressions are used to see if E-mail addresses or phone numbers have the right format, but they don't do anything for security.

Synook Posted April 26, 2009
Regular expressions actually come from Unix.
> Okay.. what symbols to replace? I know some but not all of them.
Depends where your data is headed for. For example, if it was intended for a CSV file you might want to remove commas outside strings.

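The per-destination handling discussed in the two posts above (strings escaped for HTML and SQL, numbers converted, and "depends where your data is headed"), as an added example that is not part of any post in this thread. It uses PDO bound parameters in place of mysql_real_escape_string(), because the mysql_* functions were removed in PHP 7.0; the helper names, the in-memory SQLite table and the form values are constructed for illustration.

```php
<?php
// Added example; inputs, table and column names are constructed for illustration.
// Assumes PHP 7+ with the pdo_sqlite extension.

// Number field: intval() keeps leading digits and silently drops the rest,
// so validate first and reject input that is not a whole number in range.
function parse_age(string $raw): ?int {
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

// SQL destination: bind values as parameters instead of escaping them
// into the query text.
function save_user(PDO $db, string $name, int $age): void {
    $stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
}

// HTML destination: escape when printing, not before storing.
function html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT NOT NULL, age INTEGER NOT NULL)');

// Constructed form submissions: [name, age]
$submissions = [
    ["O'Brien <b>bold</b>", '42'],
    ['Alice', '42abc'],
];

foreach ($submissions as [$name, $rawAge]) {
    $age = parse_age($rawAge);
    if ($age === null) {
        echo 'Rejected age for ', html($name), "\n";
        continue;
    }
    save_user($db, $name, $age);
}

// The stored name is the raw value; it is escaped only on its way into HTML.
foreach ($db->query('SELECT name, age FROM users') as $row) {
    echo '<li>', html($row['name']), ' (', (int) $row['age'], ")</li>\n";
}
```
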
ckrudelux (Author) Posted April 26, 2009
> You shouldn't need regular expressions for safety.
> htmlspecialchars() and mysql_real_escape_string() are enough for strings, and for numbers you only need intval() or floatval() (int is a number without decimals, float is a number with decimals).
> Regular expressions are used to see if E-mail addresses or phone numbers have the right format, but they don't do anything for security.
Okay... Then I know