quagmire02 All American 44225 Posts user info edit post |
do you have a function already assembled that you tend to use throughout your applications in order to sterilize inputted text? care to post it? i cover some things, but i'm sure i'm missing others...and i'm sure google would have some, but i kinda like you guys 6/16/2008 4:10:19 PM |
Stein All American 19842 Posts user info edit post |
You mean like mysql_real_escape_string()? 6/16/2008 4:12:50 PM |
quagmire02 All American 44225 Posts user info edit post |
yes...but what if you're not using mysql?
my experience is limited - i suppose there's a version of that for all types of sql databases 6/16/2008 4:25:42 PM |
qntmfred retired 40726 Posts user info edit post |
there's addslashes() too. but really, neither of these provides particularly excellent sanitation. i don't have any recommendations beyond these, but just keep in mind they aren't perfect 6/16/2008 4:42:13 PM |
quagmire02 All American 44225 Posts user info edit post |
do y'all recommend converting carriage returns into <br /> tags? 6/16/2008 4:46:14 PM |
BigMan157 no u 103354 Posts user info edit post |
all depends on what you're doing with the inputted text
i've always been partial to paragraphs
function nl2p($text) { return preg_replace("/<p>\s*</p>/", "", "<p>".preg_replace("/\r?\n/", "</p><p>", $text)."</p>")); }
[Edited on June 16, 2008 at 4:58 PM. Reason : code, not quote`]6/16/2008 4:50:52 PM |
qntmfred retired 40726 Posts user info edit post |
^^ maybe on the output side, but not on the db side 6/16/2008 4:52:43 PM |