In addition to all the other comments made, strip_tags() is helpful in this situation.
http://us.php.net/strip_tags As for excluding "www.", you need to do something like this: $form_data = preg_match("www." "", $form_data); http://us.php.net/manual/en/function.preg-replace.php On 1/23/08, Susan Shemin <[EMAIL PROTECTED]> wrote: > > Is this "escaping" that you guys have been talking about what you use to > filter acceptable data into textbox form? > > If so, can you explain exactly what is being used (e.g., htmlentities) and > how to use it? > > Actually I need to filter out nonpermitted characters since someone put a > Viagra advertisement into the php blog I created! (Caught it quite quickly > and deleted the entry from the database.) I'd like to exclude "www." from > being entered into a form. > > Susan > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php >
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
