Jump to content

Checking If Only Text Is Written?


norNerd
 Share

Recommended Posts

Hi people, is there a simple function like the is_numeric to check if text is only containing text not any special characters etc?I know i can use replace funcitons to do this, but that's more waste of time is there is a simple function to check this.Edit:Whoops, ment "if there is a" :)Kris

Edited by norNerd
Link to comment
Share on other sites

You'll probably have to use a regular expression (also depends on what you mean by "just text").

preg_match("/^[a-z0-9]$/", $text);

Link to comment
Share on other sites

guess my function will be

if(!preg_match("/^[a-z]$/", $text)){ echo "Kladd can only contain text."; exit();} else { mysql_query("myquery");}

is the a-z "working" as case-sensitive? in other words, will it echo my error if user writes Hey?Kris

Link to comment
Share on other sites

And a wird think suddenly showed up

// For a little while ago this was functionable,		$out1 = str_replace("<br>", " ", $var);//now it's not.

Any ideas? tried to use <br>, <, br, > and so on, in own str_replace's, and preg_replace'sbut nothing worked, its in a regular function(var){ function return newvar; }

Link to comment
Share on other sites

Runned over another tricky injection problem, i cant use htmlspecialchars, becouse a image is required to post a "post", so, will stripslashes will be enough? Or what can i do to make it more secure? Will mysql_real_escape_string work? And yes, ofcourse i chould just test it, but what will that help others? :)Go w3schools ^^,

Link to comment
Share on other sites

htmlspecialchars() prevents XSS, not SQL injection. You could create a custom bit of markup that represents the image (e.g. in BBCode).What does the complete function in which you use the $out1 variable?Regular expressions are case-sensitive unless used with the i switch (e.g. /expression/i).

Link to comment
Share on other sites

Code for out1

function matrixStrip($var){		$out1 = str_replace("<br>", " ", $var);		return $out1;}

solution to this was that i used htmlspecialchars first, in this function:

function matrixI($var){	$out1	= mysql_real_escape_string($var);	$out2	= htmlspecialchars($out1);	$var	= $out2;	return $var;}

The image problem, i found a solution on, by makeing my "writeable" areas to textareas insted of defining them as WYSIWYG areas.So now they see that they really cant post a image in other then my functionable WYSIWYG areas.So my remaining problem is, does my matrixI work as Inject protection? :)Thanks for pointing out that htmlspecialchars does not protect me from injects as a site told me it did :)Kris

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...