> You really should use htmlspecialchars before showing any user > stipulated HTML to help prevent security holes. Also you can use short > tags (popular...) to make the HTML more readable. Eg: <snip> > <?=htmlspecialchars($comments)?> Just to add, short tags are not recommended for conflicts with XMLs. Use <?php echo $htmlspecialchars($comments)?> instead. Atenciosamente, www.softpartech.com.br Thiago Henrique Pojda Desenvolvimento Web +55 41 3033-7676 thiago.pojda@xxxxxxxxxxxxxxxxxx Excelência em Softwares Financeiros -----Mensagem original----- De: Richard Heyes [mailto:richardh@xxxxxxxxxxx] Enviada em: terça-feira, 13 de maio de 2008 11:45 Para: Sudhakar Cc: php-general@xxxxxxxxxxxxx Assunto: Re: validating textarea using php > i need to validate textarea of a html form using php > > <textarea name="comments" cols="26" rows="3" id="comments"><?php > echo($comments);?></textarea> You really should use htmlspecialchars before showing any user stipulated HTML to help prevent security holes. Also you can use short tags (popular...) to make the HTML more readable. Eg: <textarea name="comments" cols="26" rows="3" id="comments"> <?=htmlspecialchars($comments)?> </textarea> > presently my php code to validate the text area is > > if($comments == "" ) You should not rely on register_globals, and use either $_GET or $_POST instead depending on which methoed to send your form details back to the server. Eg: if($_POST['comments'] == '' ) { ... } > with this code if a user hits the space bar once or couple of times as a > matter of fact there are no characters entered by the user i do not want > this to happen, if a user simply hits the spacebar and does not type > anything i should be able to display an alert message. You can use the trim() function to determine whether a variable is just whitespace. $comments = trim($_POST['comments']); if ($comments == '') { // Show error message } -- Richard Heyes +----------------------------------------+ | Access SSH with a Windows mapped drive | | http://www.phpguru.org/sftpdrive | +----------------------------------------+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
