I use a special function just for reforming input, but they use the
following bits with PCRE:
$replace_wordwhite = '/[^\w\s]/';
$replace_word = '/\W/';
$replace_num = '/\D/';
$replace_email = '/[^\w\-\.@]/';
Works pretty well and it's quite useful for killing useless input without
returning errors, so the username (for instance) "B{o}b" it made into "Bob".
That way it's more or less forgiving of morons and malicious users alike :)
--
Plutarck
Should be working on something...
...but forgot what it was.
"Larry Hotchkiss" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Im working on a site utilizing apaches/mysqp and of course php. Im
> working through the basic framwork creating forms to collect user input
> and do various searches etc. I was curious as to what most people find
> the best way keep thier mysql queries from getting messed up by user
> entered data. None of my searches or database data has or needs any sort
> of punctuation, so I was thinking of striping it all out from form
> input. What method is everyone else using?
>
>
> --
> Larry H.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
