You can also use basic functions like is_numeric() [to make sure the value is numeric - duh] or a custom function to do something like check for a valid email address format.
I have a news site that explodes the URL to get values for the directory/article it is supposed to display. Since the types of articles are limited, I just use an array of these values and check that the piece that I have matches one of them.

URL example: /news/php/123.htm

$article_types = array("php", "javascript", "perl");

// Break up the URL path using '/' as delimiter
$url_array = explode("/", $_SERVER['REQUEST_URI']);

// Missing path segments become empty strings and fail the checks below
$article_type = isset($url_array[2]) ? $url_array[2] : ''; // "php"
$article_id = isset($url_array[3]) ? str_replace('.htm', '', $url_array[3]) : ''; // "123"

if (in_array($article_type, $article_types) && is_numeric($article_id)) {
    // ... query for article and display ...
} else {
    // ... display 404 error ...
}

> rotsky wrote:
> > I'd like to canvass opinions about what's needed to clean user input. I'm
> > using an HTML form where users enter simple things like name and phone
> > number, but also a couple of small text areas for address and a message (up
> > to 50 words or so).
> >
> > How would people recommend cleaning this data when it's received (via
> > $_POST) in the next page? Some fields (like email) I can check against a
> > template using ereg(), but the text areas pose more of a problem. I assume
> > running strip_tags() might be a wise precaution, and maybe also
> > htmlentities(). Anything else?
> >
> > I'd be interested to hear what other people do.
> >
> > a+
> > Steve
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
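Added example, not part of either poster's message: one way to handle the form described in the quoted question, checking the short fields against known formats as the reply suggests, bounding the two free-text areas, and escaping only at output. The field names, length and word limits, and the phone pattern are assumptions.

```php
<?php
// Added example. Field names, limits and the phone pattern are assumptions.
// Escape at output time, for the HTML context only.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Returns [clean values, errors keyed by field name].
function validate_contact_form(array $post): array
{
    $clean = $errors = [];
    // Arrays such as name[]=x are treated as missing instead of raising notices.
    $get = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };
    $accept = function (string $field, string $value, bool $ok) use (&$clean, &$errors): void {
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = "Invalid $field";
        }
    };
    // Single-line fields: strict patterns; /D stops "$" matching before a trailing newline.
    $rules = [
        'name'  => '/^[^\x00-\x1F\x7F]{1,100}$/D',
        'phone' => '/^\+?[0-9 ().\-]{6,20}$/D',
    ];
    foreach ($rules as $field => $pattern) {
        $value = $get($field);
        $accept($field, $value, preg_match($pattern, $value) === 1);
    }
    $email = $get('email');
    $accept('email', $email, filter_var($email, FILTER_VALIDATE_EMAIL) !== false);
    // Free text cannot be matched against a list: bound its size, reject control
    // bytes other than tab/CR/LF, and leave any markup to be escaped on output.
    foreach (['address' => 30, 'message' => 50] as $field => $max_words) {
        $value = $get($field);
        $words = preg_split('/\s+/', $value, -1, PREG_SPLIT_NO_EMPTY);
        $bad_bytes = preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value) === 1;
        $accept($field, $value, $value !== '' && count($words) <= $max_words && !$bad_bytes);
    }
    return [$clean, $errors];
}
// Constructed sample input standing in for $_POST.
[$clean, $errors] = validate_contact_form([
    'name' => 'Steve', 'phone' => '+44 20 7946 0000', 'email' => 'steve@example.com',
    'address' => "1 High St\nLondon", 'message' => 'Hello <b>there</b>',
]);
echo $errors ? 'rejected: ' . implode(', ', array_keys($errors)) : h($clean['message']), "\n";
```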