User Input Security

sois

What is a simple way to validate user input? I have a few places on my site where my users can enter stuff (login page, leave a comment, upload a file... etc)

Nothing really hardcore. Is there a simple way to check and make sure they are only entering normal stuff?

In most if the inputs, I just want them to enter normal text (numbers, letters, some punctuation).

Thanks for your help guys!!!

Weedpacket

Depends on what "normal" means.

sois

numbers , letters, commas, exclamation points, periods .... regular grammar stuff

stewartship

the best thing to do do is set up a string mask of all the allowed characters and then test the user input character by character against this string mask and if the character within the string mask call up an error message.

stewartship

sorry should be '....if the character is NOT within the string mask call an error message!'

Redback

Hello, here's a function you can use before saving to database that will remove everything in the exploit array.

Example
$sql = "insert into table (username) values ('".wrap_values($username)."')";

function wrap_values($str)
{
$str = trim($str);
$temp_str = stripslashes($str);
$exploits = array("dork", "shoot", "<", "script", ">", "&", "%", "!", ";");
$temp_str = str_replace($exploits, "", $temp_str);

return $temp_str;

}

robche

another thing to checkout:

http://us2.php.net/html_special_chars

will make it render as they put it in - but no formatting

sois

ooohh thanks guys!