You can also use basic functions like is_numeric() [to
make sure the value is numeric - duh] or a custom
function to do something like check for a valid email
address format.
I have a news site that explodes the URL to get values
for the directory/article it is supposed to display.
Since the types of articles are limited, I just use an
array of these values and check that the piece that I
have matches one of them.
URL example: /news/php/123.htm
$article_types = array("php", "javascript", "perl");
// Break up the URL path using '/' as the delimiter
$url_array = explode("/", $_SERVER['REQUEST_URI']);
// Guard against short URLs that have no type or id segment
$article_type = isset($url_array[2]) ? $url_array[2] : ''; // "php"
$article_id = isset($url_array[3]) ? str_replace('.htm', '', $url_array[3]) : ''; // "123"
if (in_array($article_type, $article_types) && is_numeric($article_id))
{
    // ... query for article and display ...
}
else
{
    // ... display 404 error ...
}
> rotsky wrote:
> > I'd like to canvass opinions about what's needed to clean user input. I'm
> > using an HTML form where users enter simple things like name and phone
> > number, but also a couple of small text areas for address and a message (up
> > to 50 words or so).
> >
> > How would people recommend cleaning this data when it's received (via
> > $_POST) in the next page? Some fields (like email) I can check against a
> > template using ereg(), but the text areas pose more of a problem. I assume
> > running strip_tags() might be a wise precaution, and maybe also
> > htmlentities(). Anything else?
> >
> > I'd be interested to hear what other people do.
> >
> > a+
> > Steve
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
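Added example, not part of the original message: a stricter form of the allowlist check described in the reply above, run over constructed request URIs. The function name parse_article_path() and the sample URIs are assumptions made for illustration; it anchors the ".htm" suffix and uses ctype_digit() so that values is_numeric() would accept, such as "1e3" or "-5", are rejected.

```php
<?php
// Added example: parse_article_path() and the sample URIs are hypothetical.

function parse_article_path(string $requestUri, array $allowedTypes): ?array
{
    // Drop the query string so "123.htm?x=1" parses the same as "123.htm".
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    // Expect exactly /news/<type>/<digits>.htm and nothing more.
    $parts = explode('/', $path);
    if (count($parts) !== 4 || $parts[0] !== '' || $parts[1] !== 'news') {
        return null;
    }
    [, , $type, $file] = $parts;
    // Strict comparison: only exact string matches from the allowlist pass.
    if (!in_array($type, $allowedTypes, true)) {
        return null;
    }
    // Strip ".htm" from the end only; str_replace() would also remove it
    // from the middle, turning "12.htm3.htm" into "123".
    if (substr($file, -4) !== '.htm') {
        return null;
    }
    $id = substr($file, 0, -4);
    // Digits only, with a length cap so the cast below cannot overflow.
    if (!ctype_digit($id) || strlen($id) > 9) {
        return null;
    }
    return ['type' => $type, 'id' => (int) $id];
}

$types = ['php', 'javascript', 'perl'];
$samples = [                      // constructed inputs
    '/news/php/123.htm',
    '/news/php/123.htm?ref=rss',
    '/news/php/1e3.htm',          // is_numeric("1e3") is true
    '/news/php/-5.htm',           // is_numeric("-5") is true
    '/news/python/123.htm',       // type not in the allowlist
    '/news/php',                  // missing id segment
    '/news/php/12.htm3.htm',
];
foreach ($samples as $uri) {
    $r = parse_article_path($uri, $types);
    echo str_pad($uri, 28), $r ? "OK  {$r['type']} #{$r['id']}" : '404', "\n";
}
```

Only the first two sample URIs resolve to an article; the rest fall through to the 404 branch.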