[FIXED] O'Brien

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

xeorex
Forum Newbie
Posts: 6
Joined: Sat May 17, 2008 2:28 pm

[FIXED] O'Brien

Post by xeorex »

How to sanitise a name such as O'Brien and be able to show it back on the form without being shown as O\'Brien?

Code:

<?php

// Trim and HTML-escape a value for redisplay. The original call discarded the
// result of trim()/htmlentities() and returned the untouched input.
function html_prepare($html) {
    return trim(htmlentities($html, ENT_QUOTES));
}

// Single-quoted pattern so the class is exactly [' a-z]; inside double quotes
// \' keeps its backslash and the class would also admit a literal backslash.
function validate_name($input) {
    $pattern = '/^[\' a-z]{2,20}$/i';
    return (bool)preg_match($pattern, $input);
}

$error = array();
$clean = array();
$html  = array();
$name  = isset($_POST['name']) ? $_POST['name'] : '';

if (validate_name($name) == false) {
    $error['missing']['name'] = 'Name seems to be invalid';
    $html['name'] = html_prepare(ucwords(strtolower($name)));
} else {
    $clean['name'] = trim(ucwords(strtolower($name)));
    $html['name'] = html_prepare($clean['name']);
}

?>
The $html array element is the one that will be shown again if the form is not completed properly.
Last edited by xeorex on Sun Jan 25, 2009 10:45 pm, edited 2 times in total.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: O'Brien

Post by John Cartwright »

stripslashes(), or better yet turn off magic quotes..
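The round trip described in this thread, as an added example that is neither xeorex's nor John Cartwright's code: magic quotes (if still on) are undone once at the input boundary with stripslashes(), the name is validated against a whitelist, and escaping for HTML happens once at output time, so O'Brien is stored as typed and displayed as O'Brien rather than O\'Brien. The function names and sample inputs are constructed for this example.

```php
<?php
// Added example, not code from the original thread.

// Undo magic_quotes_gpc if the runtime still has it (it was removed in PHP 5.4),
// so validation and storage see the raw value. On modern PHP this branch is
// never taken and the value passes through unchanged.
function unquote_input($value) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Whitelist: letters, spaces and apostrophes, 2 to 20 characters. Single quotes
// around the pattern keep the class as [' a-z] with no stray backslash.
function validate_name($name) {
    return (bool) preg_match('/^[\' a-z]{2,20}$/i', $name);
}

// Escape for the value="..." attribute of the redisplayed form field. ENT_QUOTES
// turns the apostrophe into &#039;, which the browser renders back as '.
function html_prepare($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Returns the validation result and the attribute-safe string to echo back.
function redisplay_name($raw) {
    $name = trim(unquote_input($raw));
    $ok   = validate_name($name);
    $show = $ok ? ucwords(strtolower($name)) : $name;
    return array('valid' => $ok, 'html' => html_prepare($show));
}

// Constructed inputs: a normal name with an apostrophe, a name carrying the
// backslash magic quotes would have added, and a value with an attribute quote.
$samples = array("o'brien", "O\\'Brien", "Ann \"Smith\"");
foreach ($samples as $input) {
    $r = redisplay_name($input);
    printf("%-14s valid=%d  value=\"%s\"\n", $input, $r['valid'], $r['html']);
}
```

With magic quotes off, the second sample is rejected by the whitelist because the backslash is not in the allowed set, which is the behaviour you want: a backslash in a name field is input to refuse, not a layer of escaping to preserve. Keeping the raw value in $_POST and escaping only in html_prepare() means the same stored name can later be bound as a database parameter without any stripping.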
xeorex
Forum Newbie
Posts: 6
Joined: Sat May 17, 2008 2:28 pm

[FIXED] Re: O'Brien

Post by xeorex »

Thank you for your quick reply. :D
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: O'Brien

Post by John Cartwright »

No problem (even quicker this time ;)).