Posted by Pasquale on 10/31/05 09:00

I have set up a registration for an event where captains can input and
update their team information. I need to allow certain meta characters
for their team names, such as ?, ', #, (), &.

With magic_quotes_gpc ON I still cannot insert into the database the
single quote (') within a teamname without using addslashes. I receive a
mysql error. The PHP manual says not to use addslashes when
magic_quotes_gpc is ON, but it doen't work unless I do.?

### filter I use for characters
function Filter ($valu) {
if (isset($valu) && $valu != "") {
$searchB = array
('~','`','!','@','%','^','*','_','+','=','{','}','[',']','|',':',';','"','<','>','/','\\');
$searchG = array ('#','-',',','.','$','(',')','?','\'','&');
foreach ($searchB as $bad) {
$valu = str_replace($bad,'',$valu);
}
foreach ($searchG as $good) {
$valu = str_replace($good,addslashes($good),$valu);
}
$valu = preg_replace("'\s+'"," ",$valu);
}
return $valu;
}


Pasquale

[Back to original message]