norNerd Posted November 22, 2009

Hi people, is there a simple function like the is_numeric to check if text is only containing text, not any special characters etc.?

I know I can use replace functions to do this, but that's more waste of time is there is a simple function to check this.

Edit: Whoops, meant "if there is a" :)

Kris
Synook Posted November 23, 2009

You'll probably have to use a regular expression (also depends on what you mean by "just text").

    // one or more lowercase letters or digits, and nothing else
    preg_match("/^[a-z0-9]+$/", $text);
norNerd Posted November 23, 2009

Guess my function will be

    // one or more lowercase letters, and nothing else
    if (!preg_match("/^[a-z]+$/", $text)) {
        echo "Kladd can only contain text.";
        exit();
    } else {
        mysql_query("myquery");
    }

Is the a-z "working" as case-sensitive? In other words, will it echo my error if the user writes Hey?

Kris
norNerd Posted November 23, 2009

And a weird thing suddenly showed up

    // A little while ago this was functional,
    $out1 = str_replace("<br>", " ", $var);
    // now it's not.

Any ideas? Tried to use <br>, <, br, > and so on, in own str_replace's, and preg_replace's, but nothing worked. It's in a regular function(var){ function return newvar; }
norNerd Posted November 23, 2009

Ran into another tricky injection problem: I can't use htmlspecialchars, because an image is required to post a "post", so will stripslashes be enough? Or what can I do to make it more secure? Will mysql_real_escape_string work?

And yes, of course I could just test it, but what will that help others? :)

Go w3schools ^^,
Synook Posted November 23, 2009

htmlspecialchars() prevents XSS, not SQL injection. You could create a custom bit of markup that represents the image (e.g. in BBCode).

What does the complete function in which you use the $out1 variable look like?

Regular expressions are case-sensitive unless used with the i switch (e.g. /expression/i).
norNerd Posted November 23, 2009

Code for out1:

    function matrixStrip($var) {
        $out1 = str_replace("<br>", " ", $var);
        return $out1;
    }

The solution to this was that I used htmlspecialchars first, in this function:

    function matrixI($var) {
        $out1 = mysql_real_escape_string($var);
        $out2 = htmlspecialchars($out1);
        $var = $out2;
        return $var;
    }

The image problem, I found a solution to, by making my "writeable" areas textareas instead of defining them as WYSIWYG areas. So now they see that they really can't post an image in other than my functional WYSIWYG areas.

So my remaining problem is, does my matrixI work as inject protection? :)

Thanks for pointing out that htmlspecialchars does not protect me from injects as a site told me it did :)

Kris
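
The split Synook describes (htmlspecialchars for XSS, something else for SQL injection), as an added example that is not code from the thread: validate with an anchored pattern, store through a bound parameter, and HTML-escape only on output. It swaps the thread's mysql_* calls for PDO prepared statements. The posts table, the function names and the sample inputs are constructed, and pdo_sqlite is assumed so it runs without a database server.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.
// Validate: letters only. "+" allows more than one character, "i" makes a-z match
// upper case too, "D" stops "$" from matching before a trailing newline.
function isLettersOnly(string $text): bool
{
    return preg_match('/^[a-z]+$/iD', $text) === 1;
}

// Store: the raw value goes in through a bound parameter, so quotes in it
// cannot change the SQL statement. No HTML escaping happens here.
function savePost(PDO $db, string $title, string $body): void
{
    $stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
}

// Display: HTML-escape when writing into the page, which is where XSS is handled.
function renderPosts(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT title, body FROM posts ORDER BY id') as $row) {
        $html .= '<h2>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "</h2>\n"
               . '<p>' . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// In-memory SQLite database so the example runs offline (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed sample inputs.
$samples = [
    ['Hey',   "It's a test <b>post</b>"],       // valid title; body has a quote and markup
    ['hey1',  'digits are not letters'],         // rejected by the title check
    ["Hey\n", 'trailing newline in the title'],  // rejected because of the D modifier
    ['Kladd', "a' OR '1'='1"],                   // stored as plain text, SQL unchanged
];
foreach ($samples as [$title, $body]) {
    if (!isLettersOnly($title)) {
        echo 'Rejected title: ' . json_encode($title) . "\n";
        continue;
    }
    savePost($db, $title, $body);
}
echo renderPosts($db);
```

The two accepted posts come back with the quotes and the <b> tag rendered as entities; nothing is escaped before it is stored, so the database holds the text exactly as typed.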