Checking for HTML input
Posted: Mon Aug 06, 2007 9:20 am
by aceconcepts
What pattern would I use to check if someone has input HTML into a form field?
If I enter the following HTML into a text field, it messes up the form:
Posted: Mon Aug 06, 2007 10:56 am
by John Cartwright
You should also use htmlspecialchars() when outputting contents, especially user defined content.
Posted: Mon Aug 06, 2007 11:29 am
by aceconcepts
Thanks for that Jcart, it works well.
I would still like to know how to tell whether someone has entered anything other than text.
For example: Cardholder's name on a credit card should be text only, how can I make sure text (a-z) is entered (allowing whitespace) and not anything else?
Posted: Mon Aug 06, 2007 11:33 am
by John Cartwright
For simple validation rules, you can use ctype_alpha() (letters only), ctype_alnum() (letters and numbers), and is_numeric() (numbers only).
For more complex validation rules, such as a credit card, your best bet is creating a regular expression with preg_match(); however, there are many solid regular expressions already made if you poke around on Google.
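
The two suggestions in this thread, input validation and htmlspecialchars() on output, shown together as an added example that is not part of any post above. The function names `is_letters_and_spaces()` and `html_escape()` and all sample inputs are constructed for illustration; the pattern assumes ASCII letters only, as in the question.

```php
<?php
// Added example: helper names and sample inputs are constructed for illustration.

/** Accept only ASCII letters, with words separated by runs of spaces. */
function is_letters_and_spaces(string $value): bool
{
    // \A and \z anchor to the true start and end of the string; a plain "$"
    // would also match just before a trailing newline.
    return preg_match('/\A[a-z]+(?: +[a-z]+)*\z/i', $value) === 1;
}

/** Escape a value for HTML element content or a quoted attribute. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs. ctype_alpha() rejects any whitespace, so it
// cannot be used on its own for a name such as "John Smith".
$samples = [
    'John Smith',
    'JohnSmith',
    '<b>John</b>',
    '"><i>John</i>',
    "John Smith\n",
    '',
];

foreach ($samples as $input) {
    printf(
        "%-20s ctype_alpha=%-5s letters+spaces=%-5s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        var_export(ctype_alpha($input), true),
        var_export(is_letters_and_spaces($input), true)
    );
}

// Validation decides whether the value is accepted. Escaping is still applied
// every time the value is written back into the page, for example when the
// form is redisplayed with the rejected input after a validation error.
$submitted = '"><i>John</i>';
echo '<input type="text" name="cardholder" value="'
    . html_escape($submitted) . '">' . "\n";
```

Only the first sample passes the letters-and-spaces check, and the redisplayed field stays intact because the quote and angle brackets are emitted as entities.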