I'm adding validation to all input form objects. I've read serveral posts here about hackers being able to take control of a site by inputing sql querys into textboxs so I would like to prevent users from inputing punctuation symbols.

This is what I have but it doesnt work. What am i doing rong?

					if(ereg(" ( ; ) ( ? ) ( . )  ( \" ) ( ' ) ",$_POST['user'])){

                      $errors[$e_num] = "There was an error proccessing your name<br>
					                     Please remove any symbols <br> (. , \" ' ? ! ; : ) " ;

					  $e_num++;
                     }

edit------------
The code is not beign displayed correctly becouse its replacing parts with smiley img tags.

    Hi,

    try this one instead:

    if(preg_match("ยง[;?.\"']ยง",$_POST['user'])){ 
    

    Thomas

      Thanks tsinka, That will do fine ๐Ÿ™‚

        Don't forget to mark this thread resolved if there are no questions remaining ๐Ÿ™‚

          Write a Reply...