RES: validating textarea using php

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> You really should use htmlspecialchars before showing any user 
> stipulated HTML to help prevent security holes. Also you can use short 
> tags (popular...) to make the HTML more readable. Eg:
<snip>
> <?=htmlspecialchars($comments)?>

Just to add, short tags are not recommended for conflicts with XMLs. Use
<?php echo $htmlspecialchars($comments)?> instead.


Atenciosamente,
www.softpartech.com.br
Thiago Henrique Pojda
Desenvolvimento Web
+55 41 3033-7676
thiago.pojda@xxxxxxxxxxxxxxxxxx
Excelência em Softwares Financeiros


-----Mensagem original-----
De: Richard Heyes [mailto:richardh@xxxxxxxxxxx] 
Enviada em: terça-feira, 13 de maio de 2008 11:45
Para: Sudhakar
Cc: php-general@xxxxxxxxxxxxx
Assunto: Re:  validating textarea using php

> i need to validate textarea of a html form using php
> 
> <textarea name="comments" cols="26" rows="3" id="comments"><?php
> echo($comments);?></textarea>

You really should use htmlspecialchars before showing any user 
stipulated HTML to help prevent security holes. Also you can use short 
tags (popular...) to make the HTML more readable. Eg:

<textarea name="comments" cols="26" rows="3" id="comments">
     <?=htmlspecialchars($comments)?>
</textarea>

> presently my php code to validate the text area is
> 
> if($comments == "" )

You should not rely on register_globals, and use either $_GET or $_POST 
instead depending on which methoed to send your form details back to the 
server. Eg:

if($_POST['comments'] == '' ) {
     ...
}

> with this code if a user hits the space bar once or couple of times as a
> matter of fact there are no characters entered by the user i do not want
> this to happen, if a user simply hits the spacebar and does not type
> anything i should be able to display an alert message.

You can use the trim() function to determine whether a variable is just 
whitespace.

$comments = trim($_POST['comments']);

if ($comments == '') {
	// Show error message
}

-- 
Richard Heyes

+----------------------------------------+
| Access SSH with a Windows mapped drive |
|    http://www.phpguru.org/sftpdrive    |
+----------------------------------------+

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux