Just a quick question...
I understand how to test say username and login fields to make sure they are only alphanumeric using regex.
but
How do you allow a user to type anything they want and display it safely? Like in forums where users can type any alphanumeric character as well as any other keyboard character and have it displayed with no effect on the system.
Basically in a situation where you want to be flexible about user input.
Is this done with regex or are the non-alphanumeric characters escaped somehow or is it a combination of both methods?
cheers
rj
[SOLVED]regex or escaping characters for safe display?
Moderator: General Moderators
-
rubberjohn
- Forum Contributor
- Posts: 193
- Joined: Fri Feb 25, 2005 4:03 am
[SOLVED]regex or escaping characters for safe display?
Last edited by rubberjohn on Wed Mar 15, 2006 4:07 pm, edited 1 time in total.
Use htmlentities
Code: Select all
$string = $_POST['name'];
echo htmlentities($string, ENT_QUOTES, 'UTF-8');-
rubberjohn
- Forum Contributor
- Posts: 193
- Joined: Fri Feb 25, 2005 4:03 am
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
posts on this board, like any other phpbb board are processed both on entry into the database and on display. They are processed for different things (quick tag replacement and such) on first pass, and final display with HTML on final pass. nl2br() and htmlentities() are the most basic with little actual processing of the text submission.
-
rubberjohn
- Forum Contributor
- Posts: 193
- Joined: Fri Feb 25, 2005 4:03 am