Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP forms: special characters

  • 30-03-2006 11:12am
    #1
    Bananna man
    Registered Users, Registered Users 2 Posts: 673 ✭✭✭


    Hey,

    I have a account setup page on my website but i havent put in any safeguards to stop people putting in special characters. I have noticed on most other websites you will not be allowed to proceed with thses in special characters.

    Is it important to have it set up this way and if so why?

    Also, if i should be doing it can someone let me know how to set it up in my php script.

    Thanks


Comments

  • #2
    daymobrew
    Registered Users, Registered Users 2 Posts: 6,570 ✭✭✭daymobrew


    I'm not 100% what problems permitting these characters will expose but wrt modifying your scripts you should only permit safe characters instead of excluding unsafe chars.
    If you chose the exclusion route then you may miss unsafe characters.


  • #3
    Bananna man
    Registered Users, Registered Users 2 Posts: 673 ✭✭✭Bananna man


    How do i do that?


  • #4
    Seth Brundle
    Moderators, Politics Moderators Posts: 41,222 Mod ✭✭✭✭Seth Brundle


    You could replace the characters with html versions of the same.
    Where is your data going (email? database?)?


  • #5
    Bananna man
    Registered Users, Registered Users 2 Posts: 673 ✭✭✭Bananna man


    Into a database


  • #6
    Rollo Tamasi
    Registered Users, Registered Users 2 Posts: 3,514 ✭✭✭Rollo Tamasi


    use as many drop down boxes as possible to avoid users from having to type into the boxes and google php form validation tutorials


  • Advertisement
  • #7
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    If it's going into a database, then make sure you escape every piece of input. Look for the mysql_escape_string() function on php.net.

    In terms of not allowing certain characters, there are many reasons for that. For example, in an email address field, you may only want input in the form a.b@y.com. In a telephone field you might only want 011234567 or +35311234567. In a "Name" field, you wouldn't expect to see |, & % ^ $ ; ¬ etc.

    Generally pattern matching is used to validate that people aren't putting weird things in their input. It also saves on administration - if the input is validated before being entered into the database, then you won't have to correct it later on, or try to figure out what they meant to enter. For info on pattern matching, google "regular expressions" (Check wikipedia.org, regular expressions is a *big* subject, you could be overwhelmed by google). For info on pattern matching in PHP, look for preg_match() for a start.


Advertisement