Thread: protecting text in a form text area

  1. #1
    DickTracy

    protecting text in a form text area

    Hi, a question for PHP experts

    I have a simple form where people can enter details, then later they can retrieve and amend it with a password through the same form. The form contains a few textareas.

    Currently to clean the text I use

    $entered_text = nl2br($entered_text);
    $entered_text = strip_tags($entered_text,"<br>");

    This seems to work OK but occasionally it gets confused and loses all the <br> so everything gets turned into one paragraph.

    Is this code enough to protect against malicious users when they find the form? Is there a better way to handle things? I think I'm maybe missing the obvious but have searched everywhere for a 'standard' script and can't find one.

    Cheers!

  2. #2
    Will.Spencer
    User input is hell. Look at all the filters Markus Breitenbach puts strings through to protect against various attacks: A Safe String Solution for better PHP Security in Applications

  3. #3
    DickTracy
    Err that's about 5 light years beyond me, and it still ends with 'Probably it would require "fixing" various database abstraction layers and template-engines to get this all into some usable state.'

    I'd been looking at autop() from New Lines to Paragraphs — Matt Mullenweg, looks like the kind of thing I'm after but it didn't work straight off and I can't work out all the regular expressions (and would prefer not to have to try).

    All entry on my form gets checked before the entry goes live so I hoped that reduced the need for checks a bit?!
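
An added example, not part of the thread or any poster's code: one common way to handle the form described in post #1 is to store what the visitor typed unchanged and encode it only at output, so a retrieve-and-amend round trip never passes already-converted <br> tags back through the cleaner. The function names are hypothetical, the sample submission is constructed, and the mbstring extension is assumed.

```php
<?php
// Added example: keep the visitor's text raw in storage and encode it only
// when it is written into HTML. All function names here are hypothetical.

// Normalise what the textarea submitted; no HTML is added or stripped here.
function normalise_entry(string $raw, int $maxLen = 5000): string
{
    // Reject invalid UTF-8 rather than passing broken bytes to later encoders.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('entry is not valid UTF-8');
    }
    $text = str_replace(["\r\n", "\r"], "\n", $raw);       // one newline style
    $text = preg_replace('/[^\P{Cc}\n\t]/u', '', $text);    // drop control chars
    return mb_substr(trim($text), 0, $maxLen, 'UTF-8');
}

// Display in the page body: encode first, then turn newlines into <br>.
// Every tag the visitor typed is shown as literal text, never interpreted.
function render_entry(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe, false); // false => "<br>" instead of "<br />"
}

// Re-display inside <textarea> for amendment: encode only, keep real newlines,
// so the visitor edits exactly what they typed and no <br> is ever stored.
function render_for_textarea(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission containing markup and mixed line endings.
$submitted = "Line one\r\n<script>alert(1)</script>\r\n\r\nLine <b>four</b>";
$stored = normalise_entry($submitted);   // this raw text is what gets saved

echo render_entry($stored), "\n";
echo '<textarea name="details">', render_for_textarea($stored), "</textarea>\n";
```

Because the stored value is raw text, it should reach the database only through prepared statements with bound parameters. Output encoding covers the HTML context; a value placed in a URL, attribute without quotes, or script block needs the encoding for that context instead.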
