
I have a php website. My form page is validated through both PHP and Javascript. The javascript makes a box appear on the page that says, "errors, etc. etc." How do I limit the text areas to where no special characters are allowed? I'm not really that great with php so please over-explain your answers. Thanks.

2006-10-03 02:36:31 · 4 answers · asked by detroitkid17 2 in Computers & Internet Programming & Design

4 answers

You need to restrict your textarea to a certain pattern. For this you can use regular expressions. You should add regular expression validation of textarea contents to both client side and server side validation logic.

Javascript has good regular expression support. You can find references for it here:

http://www.regular-expressions.info/javascript.html

On that same website, you can see how to use regular expressions with PHP. Also, you might need a general reference on regular expressions, which you can find here:

http://www.regularexpression.info/

2006-10-03 03:15:58 · answer #1 · answered by puckstorm 3 · 0 0

To truly prevent SQL injection, you need to do it on the PHP side. Someone can always work around the Javascript protections. You have a number of options on the PHP side of things, and you should probably implement a couple of them.

The most basic, if you are using PHP 5.1+, is to use PDO and prepared statements for all of your SQL statements. PDO is an abstraction layer that works with almost any database back end that PHP supports - http://us3.php.net/manual/en/ref.pdo.php

Another thing you should do is filter out all user entries (this includes cookies) using regular expressions. The most important filter you should add is the removal (or replacement) of quotes. If the quotes need to be included (for example, if the entry is supposed to take html that includes links) you will need to either slash them out (addcslashes()) or use PDO. You can also prevent cross site scripting by removing at least the
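A worked version of what answers #1 and #2 describe, combined: a server-side whitelist regex on the textarea contents plus a PDO prepared statement for the insert. This is added example code, not from either answer; it assumes PHP 7.1 or newer, a hypothetical comments(author, body) table, and placeholder connection details.

```php
<?php
// Added example, not from the original answers. Assumes PHP 7.1+, a table
// comments(author, body), and placeholder DSN/user/password (change them).

// Whitelist what the textarea may contain: letters, digits, spaces, newlines
// and basic punctuation. Anything else (quotes, angle brackets, semicolons)
// is rejected with a message rather than silently stripped.
function validateMessage(string $text): ?string
{
    if ($text === '' || strlen($text) > 2000) {
        return 'Message must be between 1 and 2000 characters.';
    }
    // ^ and $ with the D modifier force the whole string to match;
    // the u modifier makes \p{L} and \p{N} UTF-8 aware.
    if (!preg_match('/^[\p{L}\p{N} .,!?\-\r\n]+$/uD', $text)) {
        return 'Only letters, digits, spaces and . , ! ? - are allowed.';
    }
    return null; // null means the text is valid
}

// Store the text with a prepared statement: the values are sent separately
// from the SQL text, so a quote inside them cannot change the query.
function saveMessage(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Validate every input the same way; answer #2 notes cookies need it too.
$author = $_POST['author'] ?? '';
$body   = $_POST['message'] ?? '';

$errors = array_filter([validateMessage($author), validateMessage($body)]);
if ($errors) {
    foreach ($errors as $e) {
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=mysite;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);
saveMessage($pdo, $author, $body);
```

The client-side Javascript check from the question can use the same regular expression, but only the PHP check above actually protects the database.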