1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Rep Power
    Because I have several TEXT fields in my MySQL database, I need to know how to validate that only alphanumeric characters have been entered -- as this data will be echoed back to the user upon completion of the form.

    Therefore, I need to prevent any malicious text from being entered into the form (SSIs, HTML formatting, etc.)

    Is there any way to do this?

    So far, I've only been referred to addslashes(). I've managed to use the following function:

    function validate_text($text) {
    $text = addslashes($text);
    return ($text); }

    $input_text = validate_text($input text);

    But this only escapes single and double quotes with the slash. URLs, SSI statements, etc. remain untouched.

    Can anyone advise please?
  2. #2
  3. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Niagara Falls (On the wrong side of the gorge)
    Rep Power
    You don't need to do this before storing in the db. I'd do it when displaying it back using htmlentities()

    Doing it before storing means you have to translate it back if it is to be edited.

Similar Threads

  1. help with tables and wordwrapping
    By junkedBrian613 in forum PHP Development
    Replies: 2
    Last Post: February 15th, 2004, 05:42 PM
  2. how to keep table on top, not centered??
    By vinyl in forum HTML Programming
    Replies: 2
    Last Post: January 20th, 2004, 06:19 PM
  3. float question
    By yeah-yeah in forum HTML Programming
    Replies: 10
    Last Post: January 15th, 2004, 03:59 PM
  4. put variable in text field
    By alexmasters in forum PHP Development
    Replies: 3
    Last Post: January 14th, 2004, 07:32 PM
  5. Javascript scrollbar - stuck on last bit
    By NayMyoSan in forum JavaScript Development
    Replies: 0
    Last Post: January 3rd, 2004, 12:05 PM

IMN logo majestic logo threadwatch logo seochat tools logo