Preventing users from entering "<?" in a textar

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
yoyo
Forum Newbie
Posts: 2
Joined: Fri Jun 28, 2002 8:17 am

Preventing users from entering "<?" in a textar

Post by yoyo »

Could someone please tell me how to disallow input into a form when the user enters such things as "<?". I can use the ereg expression for all other strings, but I run into trouble with this one. Should I be using a Javascript function before the form is submitted or what?

Also, what other strings should I not allow in hopes of limiting my chances of getting hacked.

YoYo
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

$str = str_replace('<?', "", $str);
$str = str_replace('?>', "", $str);
$str = strip_tags($str);
$str = stripslashes($str);


replace $str with the name of the textarea thats being parsed ;-)
User avatar
QWERTY
Forum Newbie
Posts: 20
Joined: Sat Jun 29, 2002 10:57 am
Location: Slovenia

...

Post by QWERTY »

How can you get hacked by <? and ?>? Are you using the eval function or is there another way to get hacked?

Don't allow "javascript"... :)
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

i think my way pretty much does it all :p and even strips the slashes for ya too
Post Reply