bruce <mailto:bedouglas@xxxxxxxxxxxxx> on Thursday, September 22, 2005 11:58 AM said: > hey chris... Hi. > so you're sayng that if data is outside of a-zA-Z0-9 "'" then it > should probably fail the regex anyway.. and it should error out.. (Where did that apostrophe come from? That wasn't in my list on purpose.) Yes and no. It all depends on what kind of data you're expecting. Here are some quick assumptions. (Assuming US style data.) A zip code should only contain: 0-9 - A zip code does not need to be escaped because it doesn't have any special db characters in it like the apostrophe. A name should only contain: a-z A-Z 0-9 - ' A name should be escaped because it might possibly have an apostrophe in it. A phone number should only contain: 0-9 ( ) - . A phone number does not need to be escaped because it doesn't have any special db characters in it like the apostrophe. A paragraph (or rather, very general input) on the other hand is more complicated because it's very application specific. If your paragraph could possibly have some HTML in it and still be valid then of course you would not be using simply a-z A-Z 0-9 for validation. But at the same time you would definitely want to escape the string. > if > i understnad you, you're also saying that if the information has an " > ' " in it, then it should be escaped, but you didn't say how.! Yes that's correct. Google is your friend. But in any case you can do mysql_escape_string(). (Note: You don't have to deslash your data on the way out, it only happens on the way in.) > also, what's the function of the 'addslashes', and when is it used?! I don't use addslahes() much. A good place to start reading would be www.php.net/addslahes hth, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
