I'd like to canvas opinions about what's needed to clean user input. I'm using an HTML form where users enter simple things like name and phone number, but also a couple of small text areas for address and a message (up to 50 words or so).
How would people recommend cleaning this data when it's received (via $_POST) in the next page? Some fields (like email) I can check against a template using ereg(), but the text areas pose more of a problem. I assume running strip_tags() might be a wise precaution, and maybe also htmlentities(). Anything else? I'd be interested to hear what other people do. a+ Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
