RE: Preventing Cross Site Scripting Vulnerabilities

> -----Original Message-----
> From: Jason Gerfen [mailto:jason.gerfen@xxxxxxxxxxxx] 
> Sent: 07 December 2005 19:34
> To: comex
> Cc: php-general@xxxxxxxxxxxxx
> Subject: Re:  Preventing Cross Site Scripting Vulnerabilities

> function chk_input( $string ) {
>  if( eregi( "^[0-9a-z_ -]+$", $string ) ) {
>   return 0;
>  } else {
>   return 1;
>  }
> }
> 
> if( chk_input( $string ) == 0 ) {
>  echo "valid";
> } else {
>  echo "invalid";
> }

Urgh! Nothing like making the simple things complicated! ;)

The above is effectively the same as (the more readable and more
efficient):

   function chk_input( $string ) {
     return eregi( "^[0-9a-z_ -]+$", $string );
   }

   if (chk_input( $string )) {
     echo "valid";
   } else {
     echo "invalid";
   }

And, personally, I'd use preg in there rather than ereg, as it's more
efficient, more up-to-date, and more supported.

Cheers!

Mike
 
------------------------------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser, Learning Support Services,
JG125, The Library, James Graham Building, Headingley Campus, Beckett Park,
LEEDS, LS6 3QS,     United Kingdom
Tel: +44 113 283 2600 extn 4730    Fax: +44 113 283 3211


To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
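As an added example (not code from either message in the thread), the same whitelist check written with preg_match as Mike suggests, with the `+` quantifier so the pattern accepts whole strings rather than a single character, and htmlspecialchars() for the output side; the sample inputs are constructed.

```php
<?php
// Added example: PCRE equivalent of the eregi() whitelist check, plus output encoding.

// Returns true only if $string consists entirely of allowed characters.
// The '+' quantifier matters: without it the pattern accepts exactly one
// character. The 'i' flag gives the case-insensitivity eregi() provided;
// the 'D' flag stops '$' from matching before a trailing newline.
function chk_input(string $string): bool {
    return preg_match('/^[0-9a-z_ -]+$/iD', $string) === 1;
}

// Whitelisting is an input control; anything echoed into HTML still needs
// context-aware escaping, since a value may be stored before it is validated.
function render(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed test inputs and the result the whitelist should give for each.
$samples = [
    'Jason_Gerfen-1'            => true,
    ''                          => false,  // empty string is rejected by '+'
    "valid\n"                   => false,  // trailing newline rejected thanks to 'D'
    '<script>alert(1)</script>' => false,
    "O'Reilly"                  => false,  // apostrophe is outside the whitelist
];

foreach ($samples as $input => $expected) {
    $ok = chk_input($input);
    printf("%-30s %s%s\n",
           var_export($input, true),
           $ok ? 'valid' : 'invalid',
           $ok === $expected ? '' : '  <-- unexpected');
}

// Even a rejected value is safe to reflect once it has been encoded.
echo render('<script>alert(1)</script>'), "\n";
```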

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
