Hi all,

Pretty new to PHP and I am trying to get a handle on securing a form fields data. For example, I have a simple form where user enters information into a field called mydata. The field must be able to contain multiple words and basic punctuation. What I have now is shown below in the code. Is this "really" secure? I have a good feeling that my site will become a target. Also, what should I use inplace of eregi as I just saw where that is deprecated in php5# and removed in PHP6+

//Function to sanitize values received from the form.
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
                $str = strip_tags($str)
                $str = htmlspecialchars($str,ENT_QUOTES);
	return mysql_real_escape_string($str);

//limit characters allowed in fields
        if (eregi("[^#-?.,!a-zA-Z0-9 ]", $_POST['mydata'])){
            $errmsg_arr[] = "non allowed character found";
            $errflag = true;

$mydata = clean($_POST['mydata']);

Any help would be very much appreciated. Not sure what to even look for as I am not a hacker, nor do I even have that mentality to even "think" what is vulnerable. Thanks.

Edited by andym67: n/a

8 Years
Discussion Span
Last Post by ShawnCplus
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.