Comments on: Filtering User Input in PHP

By: Michael

Michael — Sat, 28 Nov 2009 15:09:18 +0000

Nice class, but wondered about one thing. If/when the filter finds input data that breaks the filter rules, how would you go about displaying a warning to the user that their data has issues and won’t be accepted? This would be great if it could appear on the actual form page before getting to the input process on another page.

By: dreamMonkey

dreamMonkey — Sat, 28 Mar 2009 20:56:53 +0000

Hi Regan,

first of : great site ! Just what I was looking for !
I am currently trying to rebuild someone’s website that we believe fell victim to malicious practices you are trying to protect us from. I really want to make it as strong as possible that ’s why I was wondering what more methods one could us in the class to make it as solid as a rock?

PS: I’m very interested in the MySQL protection update as well !

regards,
dreamMonkey

By: Robert K

Robert K — Thu, 19 Mar 2009 13:03:09 +0000

retrun preg_replace
is supposed to be
return preg_replace
I assume

By: Robert Augustin

Robert Augustin — Mon, 08 Sep 2008 21:22:28 +0000

Regan,

…which is anything more that 1 space…

That’s it

Thanks!

By: Regan Johnson

Regan Johnson — Mon, 08 Sep 2008 18:16:36 +0000

Robert Augustin said: Hi Regan,

I just came across your site and I already love it. Thanks for this post in particular - I’m …

Hey there Robert,

Thanks for the comment. The function I am using in this example will eliminate whitespace (which is anything more that 1 space). This is particularly useful when people try to enter something with an exorbitant amount of spaces in between words, and will clean up the input passed to your application.

Hope this helps!

By: Robert Augustin

Robert Augustin — Mon, 08 Sep 2008 17:49:30 +0000

Hi Regan,

I just came across your site and I already love it. Thanks for this post in particular - I’m no pro at PHP just yet and this kind of info is great!

Question - why strip user input from whitespaces? As an example, let’s say it’s a contact form using a textarea for a message, the contact.php (form) posts to formmailer.php (script), which checks for sanity, empty fields and email validity and on error, returns to contact.php with a conditional DIV displaying the error message (so far so good).

Why eliminate all whitespaces? User’s message would be unreadable in this case.

Or am I getting it wrong

By: Missfitbit

Missfitbit — Fri, 22 Aug 2008 22:37:13 +0000

Ok, just learning (stop groaning), so a little help would be awesome.

Building a site whose main function will be compiling blurbs about events (etc) that will also be e-mailed to subscribers. So, obviously, I need to collect e-mail addresses, send html emails to my users, and allow users to remove their address. Yep, there are a TON of third parties that will do this for you, but i want to own and have total control over my data, plus it’s just fun to learn. I just don’t want to have my subscribers be overrun with spam et al. because I didn’t know enough. So…

I’m going to use everything on this page, but you mentioned you’d send more info on e-mail validation, verification, etc, so could you?

Any other tips or resources? (Besides “hire someone”)

Thanks a MILLION!

By: Stilegrafica Design Blog » Blog Archive » 5 script PHP che forse non conoscevi

Fri, 27 Jun 2008 02:40:21 +0000

[…] Filtrare l’input utente con PHP […]

By: SEO Ranter

SEO Ranter — Fri, 11 Apr 2008 13:47:23 +0000

Can someone please forward this over to Wordpress?

http://search.securityfocus.com/swsearch?query=wordpress&metaname=alldoc