There have been a lot of great articles in the PHP|Architect magazine over
the past 3 months or so about this (http://www.phparch.com). You do have
to purchase back-issues though. Very good articles. They cover
how to make functions to filter what variables should be sent in, and
how to make sure all the data is what you expect.
Jason Gerfen wrote:
comex wrote:
Similarly, is there a library function for escaping database content for
inclusion in HTML pages?
http://php.net/htmlspecialchars
http://php.net/htmlentities
Or roll your own and replace the eregi regex with data that is valid
to your application:
// eregi() was removed in PHP 7.0; preg_match() with the i modifier is the
// case-insensitive equivalent. The original pattern had no quantifier, so it
// matched exactly one character; {1,64} accepts 1 to 64 characters (adjust
// the set and the length to what your application considers valid).
function chk_input( $string ) {
    if( preg_match( "/^[0-9a-z_ -]{1,64}$/i", $string ) ) {
        return 0;   // every character is in the allow-list: valid
    } else {
        return 1;   // anything else (including the empty string): invalid
    }
}

$string = "user_name 01";   // sample input (constructed for illustration)
if( chk_input( $string ) == 0 ) {
    echo "valid";
} else {
    echo "invalid";
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
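The thread raises two separate concerns: comex asks about escaping database content for HTML output, and Jason's snippet is an allow-list check on input. The following is an added example (not code from either poster) that keeps the two apart: the validator uses preg_match in place of eregi, and the escaper uses htmlspecialchars with explicit flags and charset rather than the defaults; the sample rows and the function names is_valid_identifier and h are constructed for the example.

```php
<?php
// Allow-list check for a short identifier (e.g. a username): letters, digits,
// underscore, space and hyphen, 1 to 32 characters. This is the role of the
// eregi()-based chk_input() in the thread; preg_match() replaces eregi(),
// which was removed in PHP 7.0.
function is_valid_identifier(string $value): bool
{
    return preg_match('/^[0-9a-z_ -]{1,32}$/i', $value) === 1;
}

// Escape a value for an HTML text node or a quoted attribute.
// ENT_QUOTES converts both ' and " (before PHP 8.1 the default left single
// quotes alone, so a single-quoted attribute was not protected);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string;
// naming the charset avoids depending on default_charset.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows standing in for database results.
$rows = [
    ['name' => 'alice_smith',   'bio' => 'Likes <b>bold</b> text & "quotes"'],
    ['name' => "bob's \"shop\"", 'bio' => "O'Reilly"],
];

foreach ($rows as $row) {
    // Validation gate: the identifier must match the allow-list or it is
    // rejected outright (it is still escaped before being echoed back).
    if (!is_valid_identifier($row['name'])) {
        echo 'rejected: ' . h($row['name']) . "\n";
        continue;
    }
    // Free-form text (the bio) is not forced into a pattern; it is escaped
    // for the context it lands in, here an attribute and a text node.
    echo '<p title="' . h($row['bio']) . '">' . h($row['name']) . '</p>' . "\n";
}
```

The first row prints `<p title="Likes &lt;b&gt;bold&lt;/b&gt; text &amp; &quot;quotes&quot;">alice_smith</p>`; the second is rejected by the allow-list and echoed as `rejected: bob&#039;s &quot;shop&quot;`.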