Posted by NC on 09/28/83 11:47

Jacob.Lyles@gmail.com wrote:
>
> I'm making a comment form for my website that will store
> the results in a flat file with some sort of delimiting character.
> However, I'm wondering what will happen if someone uses
> my delimiter within their comment.

One way to get around it is to use enclosing characters in addition to
delimiting characters. For example, if you use comma-separated
variables (CSV) format, you can write:

"1","name","comment including a , (comma)"

instead of

1,name,comment including a , (comma)

This way, you can read your file with fgetcsv() without a problem.
Remember to escape double quotes with another double quote when writing
to file though...

> I thought one way to protect againt this would be to choose a
> character like < and convert all < to &lt . Is there a function in PHP
> that does this automatically?

Yes. Two, as a matter of fact:

http://www.php.net/htmlentities
http://www.php.net/htmlspecialchars

Cheers,
NC

• Next in forum: question about php installation
• Prev in forum: Re: What If Someone Uses My Delimiter In Their Comment?
• Thread view: Re: What If Someone Uses My Delimiter In Their Comment?

[Reply to this message]