
Checking for HTML input

Posted: Mon Aug 06, 2007 9:20 am
by aceconcepts
What pattern would I use to check if someone has input HTML into a form field?

If I enter the following HTML into a text field, it messes up the form:

Code:

<a href="abc.com">ABC</a>

Posted: Mon Aug 06, 2007 10:56 am
by John Cartwright
You should also use htmlspecialchars() when outputting contents, especially user-defined content.

Posted: Mon Aug 06, 2007 11:29 am
by aceconcepts
Thanks for that Jcart, it works well.

I would still like to know how to tell whether someone has entered anything other than text.

For example: the cardholder's name on a credit card should be text only. How can I make sure text (a-z) is entered (allowing whitespace) and not anything else?

Posted: Mon Aug 06, 2007 11:33 am
by John Cartwright
For simple validation rules, you can use ctype_alpha() (letters only), ctype_alnum() (letters and numbers), and is_numeric() (numbers only).

For more complex validation rules, such as a credit card, your best bet is creating a regular expression with preg_match(); however, there are many solid regular expressions already made if you poke around on Google.
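
The two measures discussed in this thread, combined in one added example that is not part of any poster's message: an allowlist check for a name made of a-z letters and spaces using preg_match(), plus htmlspecialchars() when the value is echoed back into the form. The helper names, the 64-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the normalized name, or null if it contains
// anything other than a-z letters separated by single spaces.
function validate_cardholder_name(string $raw): ?string
{
    // Collapse runs of whitespace and trim the ends before checking.
    $name = trim(preg_replace('/\s+/', ' ', $raw) ?? '');

    // \A and \z anchor the whole string, so nothing may precede or follow
    // the allowed characters. ctype_alpha() alone would not work here
    // because it returns false as soon as the string contains a space.
    if (preg_match('/\A[a-z]+(?: [a-z]+)*\z/i', $name) !== 1) {
        return null;
    }

    // Length limit is an assumption, not a rule from the thread.
    return strlen($name) <= 64 ? $name : null;
}

// Escape on output whether or not the value passed validation.
// ENT_QUOTES matters because the value lands inside an HTML attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'John Smith',
    '  Mary   Ann  Lee ',
    '<a href="abc.com">ABC</a>',
    'R2 D2',
    "O'Brien",
    '',
];

foreach ($samples as $input) {
    $name = validate_cardholder_name($input);
    $status = $name === null ? 'rejected' : 'accepted as "' . h($name) . '"';

    // Redisplay the submitted value in the field without breaking the markup.
    echo '<input type="text" name="cardholder" value="' . h($input) . '">';
    echo ' <!-- ' . $status . " -->\n";
}
```

A strict a-z rule also rejects real names containing apostrophes, hyphens or accented letters (the `O'Brien` sample), so the escaping on output is what keeps the form intact if the pattern is later widened.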