RE: [PHP] Question: Validation on a text field
[snip]
Any thoughts ?
[/snip]

I thought I'd have lunch today, but I didn't. Is it a 'text' data type, or 'BLOB', (you said, actual Mysql Text column, aka like a blob) because the distinction is needed.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question: Validation on a text field
Assuming that the pasting is done into a <textarea></textarea> on an html form, I believe the Textarea will limit the paste to just text characters. I suppose this could be dependent on the browser. I don't know of any html input control that would allow blob (binary) values. I also don't know if MySQL will police things input to a text column to make sure they are valid ascii text characters.

Warren Vail

-----Original Message-----
From: Stuart Felenstein [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 04, 2004 12:32 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Question: Validation on a text field

I have a field that is an actual Mysql Text column, aka like a blob. I'm wondering if doing a standard validation that checks for characters outside of the alphanumeric range is enough. I'm imagining some users will cut and paste from a Word or PDF doc into the field. I've done it myself and no weird characters are showing up.

Any thoughts ?

Stuart
RE: [PHP] Question: Validation on a text field
It's a mysql text field.

Stuart

--- Jay Blanchard [EMAIL PROTECTED] wrote:
> [snip]
> Any thoughts ?
> [/snip]
>
> I thought I'd have lunch today, but I didn't. Is it a 'text' data type, or 'BLOB', (you said, actual Mysql Text column, aka like a blob) because the distinction is needed.
RE: [PHP] Question: Validation on a text field
--- Vail, Warren [EMAIL PROTECTED] wrote:
> I also don't know if MySQL will police things input to a text column to make sure they are valid ascii text characters.

No, Mysql won't do it. PHP validation would have to be involved.

Stuart
RE: [PHP] Question: Validation on a text field
[snip]
It's a mysql text field.
[/snip]

You can use htmlentities() on the information placed into the field
RE: [PHP] Question: Validation on a text field
May I ask why you are suggesting this function ?

Stuart

--- Jay Blanchard [EMAIL PROTECTED] wrote:
> [snip]
> It's a mysql text field.
> [/snip]
>
> You can use htmlentities() on the information placed into the field
RE: [PHP] Question: Validation on a text field
[snip]
May I ask why you are suggesting this function ?
You can use htmlentities() on the information placed
[/snip]

Because it will convert things like quotes into their HTML counterparts before you place them into the table. If you are reading it back out to a web interface they get properly displayed without any manipulation. http://www.php.net/htmlentities explains a little more in depth. It is one step towards preventing SQL injection and possible other hack attacks.
Re: [PHP] Question: Validation on a text field
Jay Blanchard wrote:
> [snip]
> May I ask why you are suggesting this function ?
> You can use htmlentities() on the information placed
> [/snip]
>
> Because it will convert things like quotes into their HTML counterparts before you place them into the table. If you are reading it back out to a web interface they get properly displayed without any manipulation. http://www.php.net/htmlentities explains a little more in depth. It is one step towards preventing SQL injection and possible other hack attacks.

You should also use mysql_real_escape_string() on the data from the client.
http://www.php.net/mysql_real_escape_string

--
Ben Ramsey
Zend Certified Engineer
http://benramsey.com

---
Atlanta PHP - http://www.atlphp.org/
The Southeast's premier PHP community.
---
RE: [PHP] Question: Validation on a text field
--- Jay Blanchard [EMAIL PROTECTED] wrote:
> [snip]
> May I ask why you are suggesting this function ?
> You can use htmlentities() on the information placed
> [/snip]
>
> Because it will convert things like quotes into their HTML counterparts before you place them into the table.

I'm still a bit fuzzy on how to write it out. So if field is labelled f5
Then I'm doing a

$_SESSION['f5'] = $_POST['MyText'];

then I think it would be

$f5 = htmlentities($f5, ENT_QUOTES);

insert $f5 into database ?

Thanks
Stuart
Re: [PHP] Question: Validation on a text field
--- Ben Ramsey [EMAIL PROTECTED] wrote:
> You should also use mysql_real_escape_string() on the data from the client.

Even though Magic Quotes GPC is turned on ?

Stuart
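An added example, not part of the original thread, of handling the pasted-text field on current PHP: validate the bytes, store them unchanged through a PDO prepared statement (used here in place of mysql_real_escape_string(), removed in PHP 7.0; magic quotes were removed in PHP 5.4), and HTML-encode at output. Assumptions: the function name validateText, the notes table, the constructed sample strings, and an in-memory SQLite database standing in for MySQL so the script runs offline (needs the pdo_sqlite extension).

```php
<?php
// Added example. validateText() and the notes table are hypothetical names.
// Accept valid UTF-8 that fits a MySQL TEXT column (65,535 bytes) and has
// no control bytes other than tab, LF and CR.
function validateText(string $raw, int $maxBytes = 65535): string
{
    if (strlen($raw) > $maxBytes) {
        throw new InvalidArgumentException('longer than a TEXT column holds');
    }
    if (preg_match('//u', $raw) !== 1) {          // fails on malformed UTF-8
        throw new InvalidArgumentException('not valid UTF-8');
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $raw) === 1) {
        throw new InvalidArgumentException('control characters present');
    }
    return $raw;
}

// Assumption: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample: a paste with curly quotes, an apostrophe and markup.
$pasted = "It\u{2019}s \u{201C}fine\u{201D} <b>O'Reilly</b> & co.";

// Placeholder binding keeps the apostrophe out of the SQL text, so no
// string escaping is applied and the stored bytes equal the submitted ones.
$stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (?)');
$stmt->execute([validateText($pasted)]);

$stored = $pdo->query('SELECT body FROM notes')->fetchColumn();
if ($stored !== $pasted) {
    throw new RuntimeException('round trip changed the text');
}
// HTML-encode once, at the point of output.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";

// For comparison: text encoded before the insert and encoded again at
// output is double-encoded (entities show up as literal text in the page).
$early = htmlentities($pasted, ENT_QUOTES, 'UTF-8');
echo htmlspecialchars($early, ENT_QUOTES, 'UTF-8'), "\n";

// A malformed byte sequence is rejected before it reaches the database.
try {
    validateText("caf\xE9");                      // constructed: Latin-1 byte
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```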