Make entry field secure

Question

andym67 0 Newbie Poster

14 Years Ago

Hi all,

Pretty new to PHP and I am trying to get a handle on securing a form fields data. For example, I have a simple form where user enters information into a field called mydata. The field must be able to contain multiple words and basic punctuation. What I have now is shown below in the code. Is this "really" secure? I have a good feeling that my site will become a target. Also, what should I use inplace of eregi as I just saw where that is deprecated in php5# and removed in PHP6+

//Function to sanitize values received from the form.
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
                $str = strip_tags($str)
                $str = htmlspecialchars($str,ENT_QUOTES);
	return mysql_real_escape_string($str);
}

//limit characters allowed in fields
        if (eregi("[^#-?.,!a-zA-Z0-9 ]", $_POST['mydata'])){
            $errmsg_arr[] = "non allowed character found";
            $errflag = true;
        }

$mydata = clean($_POST['mydata']);

Any help would be very much appreciated. Not sure what to even look for as I am not a hacker, nor do I even have that mentality to even "think" what is vulnerable. Thanks.

data-entry htmlspecialchars mysql-real-escape-string php secure strip-tags

Edited 14 Years Ago by andym67 because: n/a

2 Contributors
1 Reply
167 Views
10 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by ShawnCplus

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ShawnCplus 456 Code Monkey Team Colleague · Answer 1 · 2009-10-02T00:50:06+00:00

A) Don't use ereg anything.

B) http://php.net/filter_input