Why would this be a problem (i.e. the fact that a user may insert "<pre>" in a
form field)?

If you're worried about security (i.e. users adding JavaScript code) you can
always htmlspecialchars() the string...

Bogdan

louie miranda wrote:

> Hi is it possible to match a certain string when a user submit's a form
> I mean, ex: i put "<pre>" on a form field, and php will match it and example
> deny it, oh well.. im new sorry.. :)
>
> thank you
>
> mysql_query ("INSERT INTO members (ircname, email, realname, asl, info)
> VALUES ('$ircname','$email','$realname','$asl','$info') ");
>
> # form.php ######################
> <?php
>
> mysql_connect ('my_db_host','my_user','my_pass');
> mysql_select_db ('my_db');
>
> mysql_query ("INSERT INTO members (ircname, email, realname, asl, info)
> VALUES ('$ircname','$email','$realname','$asl','$info') ");
>
>  print ($ircname);
>  print (" ");
>  print ("<p>");
>  print ("Thanks for joining!");
>
> ?>
> # form.php ######################
>
> # form.html #####################
> <html>
> <body>
> <form action=form.php method=GET>
> Ircname: <input type=text name=ircname size=25 maxlength=25><br>
> Email: <input type=text name=email size=25 maxlength=25><br>
> Realname: <input type=text name=realname size=25 maxlength=25><br>
> A/S/L: <input type=text name=asl size=25 maxlength=25><br>
> Info: <input type=text name=info size=25 maxlength=25><br>
> <p>
> <input type=submit>
> </form>
> </body>
> </html>
> # form.html #####################
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to