I'm adding validation to all input form objects. I've read serveral posts here about hackers being able to take control of a site by inputing sql querys into textboxs so I would like to prevent users from inputing punctuation symbols.
This is what I have but it doesnt work. What am i doing rong?
if(ereg(" ( ; ) ( ? ) ( . ) ( \" ) ( ' ) ",$_POST['user'])){
$errors[$e_num] = "There was an error proccessing your name<br>
Please remove any symbols <br> (. , \" ' ? ! ; : ) " ;
$e_num++;
}
edit------------
The code is not beign displayed correctly becouse its replacing parts with smiley img tags.