I'd like to canvas opinions about what's needed to clean user input. I'm
using an HTML form where users enter simple things like name and phone
number, but also a couple of small text areas for address and a message (up
to 50 words or so).

How would people recommend cleaning this data when it's received (via
$_POST) in the next page? Some fields (like email) I can check against a
template using ereg(), but the text areas pose more of a problem. I assume
running strip_tags() might be a wise precaution, and maybe also
htmlentities(). Anything else?

I'd be interested to hear what other people do.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to