Re: [PHP] Question: Validation on a text field
--- Ben Ramsey <[EMAIL PROTECTED]> wrote:

> You should also use mysql_real_escape_string() on
> the data from the client.

Even though Magic Quotes GPC is turned on?

Stuart

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question: Validation on a text field
--- Jay Blanchard <[EMAIL PROTECTED]> wrote:

> [snip]
> May I ask why you are suggesting this function ?
>
> > You can use htmlentities() on the information placed
> [/snip]
>
> Because it will convert things like quotes into their HTML counterparts
> before you place them into the table.

I'm still a bit fuzzy on how to write it out.
So if field is labelled f5
Then I'm doing a
$_SESSION['f5'] = $_POST['MyText'];
then I think it would be
$f5 = htmlentities($f5, ENT_QUOTES);
insert $f5 into database ?

Thanks
Stuart
Re: [PHP] Question: Validation on a text field
Jay Blanchard wrote:

> [snip]
> May I ask why you are suggesting this function ?
> You can use htmlentities() on the information placed
> [/snip]
>
> Because it will convert things like quotes into their HTML counterparts
> before you place them into the table. If you are reading it back out to
> a web interface they get properly displayed without any manipulation.
> http://www.php.net/htmlentities explains a little more in depth. It is
> one step towards preventing SQL injection and possible other hack
> attacks.

You should also use mysql_real_escape_string() on the data from the client.
http://www.php.net/mysql_real_escape_string

--
Ben Ramsey
Zend Certified Engineer
http://benramsey.com
---
Atlanta PHP - http://www.atlphp.org/
The Southeast's premier PHP community.
---
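An added example, not code from any poster in this thread: one way to write out the flow being asked about, using a PDO prepared statement in place of mysql_real_escape_string() and applying htmlentities() when the value is displayed rather than before it is stored. The table name `profile`, the helper `validate_text()` and the in-memory SQLite database standing in for MySQL are assumptions made so the example runs stand-alone (it needs the mbstring and pdo_sqlite extensions).

```php
<?php
// Added example: validate on input, bind on insert, encode on output.

// Constructed sample: text pasted from a Word document, with curly quotes,
// a plain apostrophe and some markup.
$posted = "It\u{2019}s \u{201C}quoted\u{201D} <b>bold</b> O'Reilly\r\n";

// Hypothetical helper: accept any printable text, reject what a TEXT
// column should never hold.
function validate_text(string $raw, int $maxLen = 65535): string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('not valid UTF-8');
    }
    // Control characters other than tab, LF and CR are not text.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $raw)) {
        throw new InvalidArgumentException('control characters present');
    }
    // A MySQL TEXT column holds at most 65,535 bytes.
    if (strlen($raw) > $maxLen) {
        throw new InvalidArgumentException('too long for a TEXT column');
    }
    return $raw;
}

// Assumption: SQLite in memory stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, f5 TEXT)');

$text = validate_text($posted);

// The value is bound as a parameter, never concatenated into the SQL,
// so quotes inside it cannot change the statement.
$ins = $db->prepare('INSERT INTO profile (f5) VALUES (:f5)');
$ins->execute([':f5' => $text]);

$stored = $db->query('SELECT f5 FROM profile')->fetchColumn();

// The database holds exactly what the user typed.
var_dump($stored === $posted);

// HTML encoding happens at display time, for the HTML context only.
echo htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";
```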
RE: [PHP] Question: Validation on a text field
[snip]
May I ask why you are suggesting this function ?
> You can use htmlentities() on the information placed
[/snip]

Because it will convert things like quotes into their HTML counterparts before you place them into the table. If you are reading it back out to a web interface they get properly displayed without any manipulation. http://www.php.net/htmlentities explains a little more in depth. It is one step towards preventing SQL injection and possible other hack attacks.
RE: [PHP] Question: Validation on a text field
May I ask why you are suggesting this function ?

Stuart

--- Jay Blanchard <[EMAIL PROTECTED]> wrote:

> [snip]
> It's a mysql text field.
> [/snip]
>
> You can use htmlentities() on the information placed
> into the field
RE: [PHP] Question: Validation on a text field
[snip]
It's a mysql text field.
[/snip]

You can use htmlentities() on the information placed into the field
RE: [PHP] Question: Validation on a text field
--- "Vail, Warren" <[EMAIL PROTECTED]> wrote:

> I also don't know if MySQL will police things input
> to a text column to make
> sure they are valid ascii text characters.

No Mysql won't do it. PHP validation would have to be involved.

Stuart
RE: [PHP] Question: Validation on a text field
It's a mysql text field.

Stuart

--- Jay Blanchard <[EMAIL PROTECTED]> wrote:

> [snip]
> Any thoughts ?
> [/snip]
>
> I thought I'd have lunch today, but I didn't.
>
> Is it a 'text' data type, or 'BLOB', (you said,
> "actual Mysql Text
> column, aka like a blob") because the distinction is
> needed.
RE: [PHP] Question: Validation on a text field
Assuming that the pasting is done into a textarea on an html form, I believe the Textarea will limit the paste to just "text" characters. I suppose this could be dependent on the browser. I don't know of any html input control that would allow "blob" (binary) values.

I also don't know if MySQL will police things input to a text column to make sure they are valid ascii text characters.

Warren Vail

-----Original Message-----
From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 04, 2004 12:32 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Question: Validation on a text field

I have a field that is an actual Mysql Text column, aka like a blob. I'm wondering if doing a standard validation that checks for characters outside of the alphanumeric range is enough. I'm imagining some users will cut and paste from a Word or PDF doc into the field. I've done it myself and no weird characters are showing up.

Any thoughts ?

Stuart
RE: [PHP] Question: Validation on a text field
[snip]
Any thoughts ?
[/snip]

I thought I'd have lunch today, but I didn't.

Is it a 'text' data type, or 'BLOB', (you said, "actual Mysql Text column, aka like a blob") because the distinction is needed.
[PHP] Question: Validation on a text field
I have a field that is an actual Mysql Text column, aka like a blob. I'm wondering if doing a standard validation that checks for characters outside of the alphanumeric range is enough. I'm imagining some users will cut and paste from a Word or PDF doc into the field. I've done it myself and no weird characters are showing up.

Any thoughts ?

Stuart