Best way to secure inputs for pdf?

nakins

I'm building a html form/input page that be used to insert the input values into a pdf via a php script. Being that the input isn't going to a database, but going into a pdf doc, is there a more generic regex or php function that I can use to test the input values with? I haven't been around php in a long time (prior to sql injections becoming common), so, I'm back to noob status here. But being that this insertion in to a pdf, I don't know that it is really needed. Just want to be on the safe side.
Thanks

bpat1434

Well, it's always a good idea to FIEO: Filter Input, Escape Output. That said, you don't have to worry about the output part (since it's in a PDF). I'm not sure there are really an "illegal" characters in a PDF like in SQL.

The one thing I would do is limit what the user can input. Either limit them to numbers / choices and you hard-code them based upon their input, or give them a "stripped" WYSIWYG editor (TinyMCE for example) in which they can do basically what MS Word can; however, you have control over what "valid" html elements are. Then you can just strip out the invalid tags (or deny the data and request better data).

It's always a good thing to limit your user's input. This limits the chances that someone will do something utterly stupid and cause your application (or even worse your server) to crash.