Pretty new to PHP and I am trying to get a handle on securing a form fields data. For example, I have a simple form where user enters information into a field called mydata. The field must be able to contain multiple words and basic punctuation. What I have now is shown below in the code. Is this "really" secure? I have a good feeling that my site will become a target. Also, what should I use inplace of eregi as I just saw where that is deprecated in php5# and removed in PHP6+
//Function to sanitize values received from the form.
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
$str = strip_tags($str)
$str = htmlspecialchars($str,ENT_QUOTES);
return mysql_real_escape_string($str);
}
//limit characters allowed in fields
if (eregi("[^#-?.,!a-zA-Z0-9 ]", $_POST['mydata'])){
$errmsg_arr[] = "non allowed character found";
$errflag = true;
}
$mydata = clean($_POST['mydata']);
Any help would be very much appreciated. Not sure what to even look for as I am not a hacker, nor do I even have that mentality to even "think" what is vulnerable. Thanks.
