Checking for HTML input

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Checking for HTML input

Post by aceconcepts »

What pattern would I use to check if someone has input HTML into a form field?

If I enter the following html into a text field, it messes up the form:

Code: Select all

<a href="abc.com">ABC</a>
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

You should also use htmlspecialchars() when outputting contents, especially user defined content.
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Post by aceconcepts »

Thanks for that Jcart, it works well.

I would still like to know how to tell whether someone has entered anything other than text.

For example: Cardholder's name on a credit card should be text only, how can I make sure text (a-z) is entered (allowing whitespace) and not anything else ?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

for simple validation rules, you can use ctype_alpha() (letters only), ctype_alnum() (letters and numbers), and is_numeric() (numbers only).

For more complex validation rules, such as a credit card your best bet is creating a regular expression with preg_match(), however there are many solid regular expressions already made if you poke around on google.
Post Reply