I have 3 text boxes that users can enter there AIM, YIM nickname and MSN email. Once submittd it sends and stores in MySQL db.
I will use mysql_real_escape_string() of course but am not sure what is the best way to ensure no other mailicious code has been entered.
I checked and due to the 3 above allowing special characters it means i cannot use striptags and stripslashes.
They will show on a profile page so i need to ensure users cannot enter html code that will output it on page and break page etc and any other mailicous code.
So my quetion is what is the best way to validate the three above using php apart from the obvious mysql_real_escape_string() ?
I know i could use regex but i dont understand it enough to make three complex regexe(s). It would be interesting to know as obviously majority of the forums allow people to add there contact details like aim, yim, msn so i wonder how they validate them.
Any help would be appreciated.
Thanks for reading.