Thread: protecting text in a form text area

  1. #1
    DickTracy

    protecting text in a form text area

    Hi, a question for php experts

    I have a simple form where people can enter details, then later they can retrieve and amend it with a password through the same form. The form contains a few textareas.

    Currently to clean the text I use

    $entered_text = nl2br($entered_text);
    $entered_text = strip_tags($entered_text,"<br>");

    This seems to work OK but occasionally it gets confused and loses all the <br> so everything gets turned into one paragraph.

    Is this code enough to protect against malicious users when they find the form? Is there a better way to handle things? I think I'm maybe missing the obvious but have searched everywhere for a 'standard' script and can't find one.


  2. #2
    Will.Spencer
    User input is hell. Look at all the filters Markus Breitenbach puts strings through to protect against various attacks: A Safe String Solution for better PHP Security in Applications

  3. #3
    DickTracy
    Err that's about 5 light years beyond me, and it still ends with 'Probably it would require "fixing" various database abstraction layers and template-engines to get this all into some usable state.'

    I'd been looking at autop() from New Lines to Paragraphs — Matt Mullenweg, looks like the kind of thing I'm after but it didn't work straight off and I can't work out all the regular expressions (and would prefer not to have to try).

    All entry on my form gets checked before the entry goes live so I hoped that reduced the need for checks a bit?!
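
Added example, not part of any post in this thread: one common way to handle a re-editable textarea in PHP is to store the text as typed and escape it only when printing, calling htmlspecialchars() before nl2br(). The function names and the sample input are made up for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Storage: keep the text exactly as typed (only normalise line endings)
// and write it to the database with a prepared statement.
function normalise_for_storage(string $raw): string
{
    return str_replace(["\r\n", "\r"], "\n", $raw);
}

// Display on a page: escape first, then add <br> tags.
// htmlspecialchars() turns < > & " ' into entities, so markup the visitor
// typed is shown as text; nl2br() then adds the only real tags in the output.
function render_for_page(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    return nl2br($escaped, false);
}

// Refill the <textarea> for editing: escape only, no nl2br(), so the
// visitor gets their own line breaks back and no <br> ever reaches storage.
function render_for_textarea(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: two lines, one containing markup.
$typed  = "Price < 10 & rising\r\n<script>alert(1)</script>";
$stored = normalise_for_storage($typed);

echo render_for_page($stored), "\n";
echo '<textarea name="details">', render_for_textarea($stored), "</textarea>\n";
```

Because the stored copy never contains `<br>`, saving the same entry repeatedly cannot stack up or drop line breaks. If entries are reviewed in a browser before going live, the review page needs the same escaping, since it prints the submitted text too.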
