Re: Unique Format

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Use htmlentities() or htmlspecialchars()...

---John Holmes...

----- Original Message ----- 
From: "Tonya" <php@asksummer.com>
To: <php-db@lists.php.net>
Sent: Wednesday, October 22, 2003 1:07 PM
Subject:  Unique Format


PHP 4.3.3 and MYSQL

I am constructing a site for gamers that has a member registration form with
field 'Game Handle'.

Gamers are funny in that their game alias can include just about any
character you can imagine.  Setting up an ereg for this would be quite
difficult.  However, I *do* want to protect my site from any malicious data
entry.

I have tried to strip_tags this field, but many gamers put their team tags
in their handle or use < and > characters within the name, so an input like
"<team9>Jester" results in the team being taken out and only Jester being
left.  While that is not so bad, if the user inputs a name like G<o>D, it
changes the name signficantly.

Anyone have any suggestions on how I can format the game handle variable so
that it allows these characters while not leaving my site subject to
malicious input?

Thanks!

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux