quagmire02 All American 44225 Posts
do you have a function already assembled that you tend to use throughout your applications in order to sterilize inputted text? care to post it? i cover some things, but i'm sure i'm missing others...and i'm sure google would have some, but i kinda like you guys 6/16/2008 4:10:19 PM |
Stein All American 19842 Posts
You mean like mysql_real_escape_string()? 6/16/2008 4:12:50 PM |
quagmire02 All American 44225 Posts
yes...but what if you're not using mysql?
my experience is limited - i suppose there's a version of that for all types of sql databases 6/16/2008 4:25:42 PM |
qntmfred retired 40683 Posts
there's addslashes() too. but really, neither of these provides particularly excellent sanitation. i don't have any recommendations beyond these, but just keep in mind they aren't perfect 6/16/2008 4:42:13 PM |
quagmire02 All American 44225 Posts
do y'all recommend converting carriage returns into <br /> tags? 6/16/2008 4:46:14 PM |
BigMan157 no u 103354 Posts
all depends on what you're doing with the inputted text
i've always been partial to paragraphs
function nl2p($text) { return preg_replace("/<p>\s*<\/p>/", "", "<p>".preg_replace("/\r?\n/", "</p><p>", $text)."</p>"); }
[Edited on June 16, 2008 at 4:58 PM. Reason : code, not quote] 6/16/2008 4:50:52 PM |
qntmfred retired 40683 Posts
^^ maybe on the output side, but not on the db side 6/16/2008 4:52:43 PM |
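Added example, not part of the thread: one way to handle the two concerns raised above, keeping the stored text raw by using a PDO prepared statement (which works the same across database drivers) and applying HTML escaping and line-break conversion only when rendering. It assumes PHP with the pdo_sqlite extension; the table name, function names and sample input are made up for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP with the pdo_sqlite
// extension; the table and function names are made up for illustration.

// Store the text exactly as typed. The placeholder keeps data separate from
// the SQL statement, so no per-database escaping function is needed.
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException("no comment with id $id");
    }
    return $body;
}

// Escape for HTML only when rendering, then turn newlines into <br /> tags.
// Order matters: escaping after nl2br() would escape the <br /> tags too.
function render_comment(string $body): string
{
    return nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: an apostrophe, markup and a line break.
$input = "it's <b>bold</b>\nsecond line";

$id = save_comment($db, $input);
$stored = load_comment($db, $id);

var_dump($stored === $input);      // the database holds the raw text
echo render_comment($stored), "\n";
```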