
[SOLVED] regex or escaping characters for safe display?

Posted: Wed Mar 15, 2006 3:42 pm
by rubberjohn
Just a quick question...

I understand how to test, say, username and login fields to make sure they are only alphanumeric using regex.

But

How do you allow a user to type anything they want and display it safely? Like in forums where users can type any alphanumeric character as well as any other keyboard character and have it displayed with no effect on the system.

Basically in a situation where you want to be flexible about user input.

Is this done with regex, or are the non-alphanumeric characters escaped somehow, or is it a combination of both methods?

cheers

rj

Posted: Wed Mar 15, 2006 3:50 pm
by matthijs
Use htmlentities

Code:

$string = $_POST['name'];

echo htmlentities($string, ENT_QUOTES, 'UTF-8');

Posted: Wed Mar 15, 2006 3:54 pm
by rubberjohn
Thanks for the reply.

So, say in this forum, for the subject and the main post body, only htmlentities is used?

rj

Posted: Wed Mar 15, 2006 3:58 pm
by feyd
Posts on this board, like any other phpBB board, are processed both on entry into the database and on display. They are processed for different things (quick tag replacement and such) on first pass, and final display with HTML on final pass. nl2br() and htmlentities() are the most basic, with little actual processing of the text submission.
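
The escape-on-output step suggested earlier in the thread, combined with nl2br() as mentioned in the reply above, as an added example that is not part of the thread and not phpBB's own code. The function names, the sample input and the use of ENT_SUBSTITUTE are assumptions made here.

```php
<?php
// Added example, not code from the thread.
// render_body(), render_attr() and the sample input are hypothetical.

// Escape for an HTML text node, then turn newlines into <br />.
// Order matters: nl2br() must run after escaping, otherwise the <br />
// tags it inserts are escaped as well and show up as literal text.
function render_body(string $raw): string
{
    // ENT_SUBSTITUTE (PHP 5.4+) replaces invalid UTF-8 sequences with U+FFFD
    // instead of letting htmlentities() return an empty string.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe);
}

// Escape for a quoted attribute value. ENT_QUOTES encodes both ' and ",
// so the value cannot close the attribute whichever quote style is used.
function render_attr(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission: markup, quotes, an ampersand and newlines.
$subject = 'regex "or" escaping?';
$body    = "First line <b>bold?</b>\n<script>alert('x')</script>\nTom & Jerry's";

// Store the raw text; escape only at the point of output, per context.
echo '<input type="text" name="subject" value="', render_attr($subject), '">', "\n";
echo '<div class="post">', render_body($body), '</div>', "\n";

// Wrong order, for comparison: the user's markup is still neutralised,
// but the line breaks are displayed as the literal text "<br />".
echo '<div class="post">', htmlentities(nl2br($body), ENT_QUOTES, 'UTF-8'), '</div>', "\n";
```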

Posted: Wed Mar 15, 2006 4:07 pm
by rubberjohn
Cheers for that, guys.

I think I'm going to have to start paying you soon, feyd!

rj