Johnny2
Posted March 12, 2013

Hey everyone! I'm trying to find the best way to clean some incoming POSTed data (to protect me from the bad guys of course), and was wondering if htmlentities is doing anything useful for me if I'm just going to strip the incoming data of everything except letters and numbers anyway.

Question #1: Can the htmlentities line be removed without affecting security in any way?

Question #2: Is using preg_replace like this an effective way to secure my website from this incoming data?

// Entity-encode the raw POST value, including single and double quotes
$name_dirty = htmlentities($_POST['name'], ENT_QUOTES);
// Remove every character that is not matched by A-Za-z
$name_cleaned = preg_replace('#[^A-Za-z]#i', '', $name_dirty);

Thank you Developer-Gurus!

PicnicTutorials
Posted March 13, 2013

I don't know the answers to your questions, but here is how I do it: http://www.websitecodetutorials.com/code/php/how-to-html-form-with-php-js-captcha-validation.php
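
Added example, not part of either post: the two lines from the first post run side by side with the whitelist alone on constructed inputs, showing that entity-encoding first leaves the letters of entity names such as `&lt;` and `&amp;` in the stored value. The function names, the sample inputs and the 64-character limit are assumptions made for the illustration.

```php
<?php
// Added example: compares the thread's two-step pipeline with the whitelist alone.
// Sample inputs below are constructed for illustration.

// Pipeline as posted: entity-encode first, then keep only letters.
function clean_as_posted(string $raw): string {
    $dirty = htmlentities($raw, ENT_QUOTES, 'UTF-8');
    return preg_replace('#[^A-Za-z]#i', '', $dirty);
}

// Whitelist only: strip everything that is not an ASCII letter.
function clean_whitelist_only(string $raw): string {
    return preg_replace('/[^A-Za-z]/', '', $raw);
}

// Validate instead of silently rewriting: accept or reject the whole value.
// The 1..64 length bound is an assumed limit, not something from the thread.
function is_valid_name(string $raw): bool {
    return preg_match('/\A[A-Za-z]{1,64}\z/', $raw) === 1;
}

$samples = [
    'Johnny',
    "O'Brien",
    'a<b',
    'Tom & Jerry',
    '<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    printf("%-28s posted=%-28s whitelist=%-20s valid=%s\n",
        $raw,
        clean_as_posted($raw),
        clean_whitelist_only($raw),
        is_valid_name($raw) ? 'yes' : 'no');
}

// Encoding belongs at output time, chosen for the context the value is
// written into (an HTML page here), not at input time.
echo htmlspecialchars(clean_whitelist_only("O'Brien"), ENT_QUOTES, 'UTF-8'), "\n";
```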