I've been trying to find a solution for this for a while; I'd like to use a SecureText function that filters any "potentially risky" text input from my website. So what's "potentially risky text" for me: everything that's not: a-zA-Z0-9 ;.,?+-_![]/()

This clears any hack potential from XSS or SQL injection. This limits the usability of my website, but I don't care, as long as XSS is not possible any more, and SQL injections are out of the way, it's perfectly viable for what I want to do and the needs of my users.

Now the question is how to build such a function. It seems that I can't use preg_replace because of Unicode characters. I've tried to use filter_var but I'm not sure it also filters Unicode characters. And I really want to strip everything that's risky; it's my main priority.

Cool guys on #Zftalk have advised me to use the pregReplace filter built into ZF since I have a regexp, but I'm not sure a regexp is secure, so... Any help appreciated! I'm a little lost with this. Thanks!
-- My dojo & zend framework experience, the good, the bad with code samples ;-) http://practicalphpajax.wordpress.com/
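One way to build the whitelist function the post describes, as an added example that is not code from the post, from the ZF project or from #Zftalk. It uses plain preg_replace with the /u modifier, which makes PCRE treat the subject as UTF-8 so multibyte characters are matched and removed as whole characters rather than as stray bytes. It assumes the post's character list is meant to include the space, and the function name secureText and the sample inputs are constructed for this example.

```php
<?php
// Added example (not from the original post): keep only the characters the post
// lists (a-z A-Z 0-9 space ; . , ? + - _ ! [ ] / ( )) and strip everything else,
// including any Unicode code point, using preg_replace with the /u modifier.
function secureText(string $input): string
{
    // Negated character class: everything NOT in the whitelist is replaced.
    // '-' is escaped so it is literal, '[' and ']' are escaped inside the class,
    // and '/' is escaped because it is also the pattern delimiter.
    $pattern = '/[^a-zA-Z0-9 ;.,?+\-_!\[\]\/()]/u';

    $clean = preg_replace($pattern, '', $input);

    // With /u, preg_replace returns NULL (not a string) when the subject is
    // malformed UTF-8; preg_last_error() is then PREG_BAD_UTF8_ERROR.
    // Fail closed: return an empty string instead of passing the input through.
    if ($clean === null) {
        return '';
    }
    return $clean;
}

// Constructed sample inputs (not from the post) covering the interesting cases.
$samples = [
    'plain'        => 'Hello, world! (test) [1+2]/3 ok?',
    'html'         => '<script>alert(1)</script>',
    'quote'        => "Robert'); DROP TABLE users;--",
    'unicode'      => "caf\u{E9} na\u{EF}ve \u{1F600} smile",
    'invalid utf8' => "bad bytes: \xC3\x28",   // 0xC3 needs a continuation byte
];
foreach ($samples as $label => $s) {
    printf("%-12s => [%s]\n", $label, secureText($s));
}
// Expected output:
// plain        => [Hello, world! (test) [1+2]/3 ok?]
// html         => [scriptalert(1)/script]
// quote        => [Robert); DROP TABLE users;--]
// unicode      => [caf nave  smile]
// invalid utf8 => []
```

Two things worth noticing in the output: the filter removes `<`, `>`, `'` and `"`, so the usual tag and quote-based payload shapes lose their syntax, but `;`, `-`, `(` and `)` survive, so the SQL-looking sample still reads as SQL. A character whitelist on input is therefore a useful first line, not a substitute for prepared statements and for escaping with htmlspecialchars() at the point of output. The NULL branch matters as well: without it, a request body with one invalid byte sequence would turn the whole filter into a no-op.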
