
Preventing users from entering "<?" in a textar

Posted: Tue Jul 02, 2002 2:06 pm
by yoyo
Could someone please tell me how to disallow input into a form when the user enters such things as "<?". I can use the ereg expression for all other strings, but I run into trouble with this one. Should I be using a JavaScript function before the form is submitted or what?

Also, what other strings should I not allow in hopes of limiting my chances of getting hacked?

YoYo

Posted: Tue Jul 02, 2002 2:32 pm
by hob_goblin
$str = str_replace('<?', "", $str);
$str = str_replace('?>', "", $str);
$str = strip_tags($str);
$str = stripslashes($str);


Replace $str with the name of the textarea that's being parsed ;-)

...

Posted: Tue Jul 02, 2002 3:11 pm
by QWERTY
How can you get hacked by <? and ?>? Are you using the eval function or is there another way to get hacked?

Don't allow "javascript"... :)

Posted: Tue Jul 02, 2002 5:01 pm
by hob_goblin
I think my way pretty much does it all :p and even strips the slashes for ya too
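
Added example, not part of any post in this thread: the filter posted above wrapped in a function, next to the alternative of keeping the text as submitted and encoding it at the moment it is written into HTML. The function names (strip_filter, render_comment) are hypothetical and the sample submissions are constructed for illustration.

```php
<?php
// Added example; strip_filter() and render_comment() are hypothetical names.

// The filter from the thread, unchanged apart from being wrapped in a function.
function strip_filter(string $str): string
{
    $str = str_replace('<?', '', $str);
    $str = str_replace('?>', '', $str);
    $str = strip_tags($str);
    return stripslashes($str);
}

// Alternative: leave the stored text alone and encode it on output.
// ENT_QUOTES encodes both quote styles so the result is also safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function render_comment(string $str): string
{
    $encoded = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($encoded); // keep the line breaks typed into the textarea
}

// Constructed sample textarea submissions from ordinary users.
$samples = [
    'Use <?php echo $x; ?> to print a variable', // a question about PHP
    'Works when a<b and c>d',                    // text that looks like a tag
    'Path is C:\temp\new',                       // legitimate backslashes
];

foreach ($samples as $s) {
    printf(
        "input   : %s\nstripped: %s\nencoded : %s\n\n",
        $s,
        strip_filter($s),   // characters are removed, so the text changes
        render_comment($s)  // nothing is removed; markup characters become entities
    );
}
```

Run it with the PHP command-line interpreter and compare the "stripped" and "encoded" lines for each sample: stripping alters legitimate text, while encoding keeps every character and leaves no raw markup in the page.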