Posted by Ray Hauge on 12/07/05 21:51
There have been a lot of great articles in the PHP|Architect magazine over
the past 3 months or so about this (http://www.phparch.com). You do have
to purchase back-issues, though. Very good articles. They cover
how to make functions to filter what variables should be sent in, and
how to make sure all the data is what you expect.
Jason Gerfen wrote:
> comex wrote:
>
>>> Similarly is there a library function for escaping database content for
>>> inclusion in HTML pages?
>>>
>>
>> http://php.net/htmlspecialchars
>> http://php.net/htmlentities
>>
> Or roll your own and replace the eregi regex with data that is valid
> to your application:
>
> function chk_input( $string ) {
>     // The whole string must be one or more allowed characters. The original
>     // pattern "^[0-9a-z_ -]$" had no quantifier, so it only ever matched a
>     // single character. preg_match with /i replaces eregi, which was removed
>     // in PHP 7; /D stops '$' from matching before a trailing newline.
>     if( preg_match( "/^[0-9a-z_ -]+$/iD", $string ) ) {
>         return 0;   // valid
>     } else {
>         return 1;   // invalid
>     }
> }
>
> if( chk_input( $string ) == 0 ) {
> echo "valid";
> } else {
> echo "invalid";
> }
>
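The two points raised in the thread, whitelisting what comes in and escaping database content on the way out into HTML, as one added example. This is not code from any of the posters; the function names, the 32-character limit and the sample inputs are illustrative and constructed here.

```php
<?php
// Added example: whitelist validation on input plus context-aware escaping on
// output. Function names, the length limit and the sample data are assumptions.

declare(strict_types=1);

/**
 * Whitelist check: the entire string must consist of allowed characters.
 * \A and \z anchor to the real start and end of the string (unlike '$', \z
 * does not match before a trailing newline). The quantifier {1,32} matters:
 * a pattern like "^[0-9a-z_ -]$" with no quantifier accepts only one
 * character. preg_match replaces eregi, which was removed in PHP 7.
 */
function is_valid_username(string $s): bool
{
    return preg_match('/\A[0-9a-z_ -]{1,32}\z/i', $s) === 1;
}

/**
 * Escape a value pulled from the database for placement in HTML text or a
 * double-quoted attribute. ENT_QUOTES also escapes single quotes, so the
 * result is safe in single-quoted attributes too; ENT_SUBSTITUTE replaces
 * invalid UTF-8 sequences instead of returning an empty string; naming the
 * charset avoids mismatches with the page encoding.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_GET / $_POST values.
$inputs = [
    'ray_hauge',                 // valid
    'ray hauge-2005',            // valid: space and hyphen are in the class
    "ray'; DROP TABLE users;--", // rejected: quote and semicolon
    '<script>alert(1)</script>', // rejected: angle brackets, slash, parens
    str_repeat('a', 40),         // rejected: longer than 32 characters
    '',                          // rejected: empty
];

foreach ($inputs as $in) {
    printf("%-32s %s\n", var_export($in, true),
        is_valid_username($in) ? 'valid' : 'invalid');
}

// Validation at the door does not replace escaping at the exit. A free-text
// column such as a comment legitimately contains characters the whitelist
// above rejects, so it is escaped when rendered, not filtered when stored.
$dbRow = ['comment' => 'Tom & Jerry say "hi" <b>there</b>']; // constructed row

echo '<p title="' . h($dbRow['comment']) . '">'
   . h($dbRow['comment'])
   . "</p>\n";
```

Keep the two steps separate in your own code: the whitelist decides whether a value is acceptable for a field with a known shape (a username, an ID), and htmlspecialchars() is applied at the point where any string, validated or not, is written into HTML. Escaping for HTML does nothing for SQL; for the database side use prepared statements rather than a character filter.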