What is the best way to strip input fields to make sure they do not contain ' or " or any other special characters that would mess up my code?

Thanks
Tim

    Depends. You could do an eregi_replace or str_replace() and search for each.

    If you're talking about messing it up as in adding the escape character (\), then that is just strip_slashes().

    But basically, you could use this:

    <?php
    // str_replace() returns the modified string rather than changing $input in place;
    // the original version discarded that return value and handed back $input untouched.
    function strip_Quotes($input){
        $_quotes = array("'", "\"");
        return str_replace($_quotes, "", $input);
    }
    ?>

    That would work.

    ~Brett

      I wrote this for myself yesterday, because I'm always having to check if magic quotes are on, trim incoming data, then if user data is sent incorrectly putting it back into form fields.

      Create an instance of this class and it'll immediately be filled with slash stripped input in the $data property, then you can specialchars it for shoving back into the page, escape it ready for going into the database, and you can pass it arrays of terms that have to be present, or numeric, or have minimum lengths (passwords, username). reset() puts it all back as it was, so you can start again, e.g.

      $input = &new RequestHandler;
      
      $input->trim();
      $input->specialchars();
      
         // shove values back into a form
      
      
      $input->set_req_filled(array('name', 'password'));
      
      $input->verify() or die('input something, please');
      
      $input->reset();
      $input->escape();
      
      // shove into db

      I should have done this ages ago, really. Thought it might be useful to somebody.

      class RequestHandler
      {
      	var $data;				// copy of request data, auto de-slashed if need be
      	var $reqFilled;			// a list of fields that have to be filled when verify is called
      	var $reqNumeric;		// fields that have to be numeric
      	var $reqMinLen;			// associative array of $key => minimum lengths
      	var $errors;			// array of error messages
      
      function RequestHandler()
      {
      	$this->data 		= $_REQUEST;
      	$this->errors 		= array();
      	$this->reqFilled 	= array();
      	$this->reqNumeric 	= array();
      	$this->reqMinLen 	= array();	// was missing; verify() iterates it, so it must always be an array
      
      	if (get_magic_quotes_gpc())
      		$this->strip();
      }
      
      function strip()
      {
      	$this->recurse_it($this->data, 0, 'stripslashes');
      }
      
      function trim()
      {
      	$this->recurse_it($this->data, 0, 'trim');
      }
      
      function specialchars()
      {
      	$this->recurse_it($this->data, 0, 'htmlspecialchars');
      }
      
      function escape()
      {
      	// mysql_escape_string() ignores the connection character set;
      	// mysql_real_escape_string() is the connection-aware variant
      	$this->recurse_it($this->data, 0, 'mysql_escape_string');
      }
      
      	// hope you appreciate how lovely this is
      
      function recurse_it(&$in, $dead, $function)
      {
      	if ( is_array($in) )
      		array_walk($in, array($this, 'recurse_it'), $function);
      	else
      		$in = $function($in);
      }
      
      function reset()
      {
      	$this->RequestHandler();
      }
      
      function verify()
      {
      	$errCnt = 0;
      
      	foreach ($this->reqFilled as $key)
      	{	if (empty($this->data[$key]))
      		{
      			$this->errors[] = 'field "' . $key. '" empty';
      			$errCnt++;
      		}
      	}
      
      	foreach ($this->reqNumeric as $key)
      	{	if (!isset($this->data[$key]) || !is_numeric($this->data[$key]))
      		{
      			$this->errors[] = 'field "' . $key. '" not numeric';
      			$errCnt++;
      		}
      	}
      
      	foreach ($this->reqMinLen as $field => $len)
      	{	// was $this->data[field] (bare constant), which never matched the submitted key
      		if (!isset($this->data[$field]) || strlen($this->data[$field]) < $len)
      		{
      			$this->errors[] = 'field "' . $field . '" less than ' . $len . ' chars';
      			$errCnt++;
      		}
      	}
      
      	return $errCnt ? false : true;
      }
      
      function set_req_filled($rf)
      {
      	$this->reqFilled = $rf;
      }
      
      function set_req_numeric($rn)
      {
      	$this->reqNumeric = $rn;
      }
      
      function set_req_minimum($rm)
      {
      	$this->reqMinLen = $rm;
      }
      }
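The thread's two concerns, keeping quotes from breaking a query and validating required/numeric/minimum-length fields, can be handled without stripping anything from the data. The following is an added example, not code from any poster; it assumes PHP 7 or later with PDO and the sqlite driver, and uses a constructed request array in place of $_REQUEST.

```php
<?php
// Added example: validate the fields, then escape per destination instead of
// deleting quotes. The name O'Brien survives both the database and the form.
// Assumes PDO with the sqlite driver; the request array below is constructed.

function validate(array $data, array $required, array $numeric, array $minLen): array {
    $errors = [];
    foreach ($required as $k) {
        if (!isset($data[$k]) || trim((string)$data[$k]) === '') {
            $errors[] = "field \"$k\" empty";
        }
    }
    foreach ($numeric as $k) {
        if (!isset($data[$k]) || !is_numeric($data[$k])) {
            $errors[] = "field \"$k\" not numeric";
        }
    }
    foreach ($minLen as $k => $len) {
        if (!isset($data[$k]) || strlen($data[$k]) < $len) {
            $errors[] = "field \"$k\" less than $len chars";
        }
    }
    return $errors;
}

// Constructed stand-in for $_REQUEST: both string values contain a quote.
$request = ['name' => "O'Brien", 'password' => 'pa"ss', 'age' => '42'];

$errors = validate($request, ['name', 'password'], ['age'], ['password' => 6]);
foreach ($errors as $e) {
    echo "validation: $e\n";      // the 5-character password fails the minimum length
}

// Database: the value is bound as a parameter, never spliced into the SQL text,
// so a quote inside it cannot terminate the string literal.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER)');
$stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
$stmt->execute([':name' => $request['name'], ':age' => (int)$request['age']]);

// HTML: escape only at the point where the value goes back into the page,
// with ENT_QUOTES so single quotes are encoded too.
$safeName = htmlspecialchars($request['name'], ENT_QUOTES, 'UTF-8');
echo '<input name="name" value="' . $safeName . '">' . "\n";

// The stored value is still the original, quote included.
echo $db->query('SELECT name FROM users')->fetchColumn(), "\n";
```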