Jump to content
Killersites Forums

Cleaning Form Data (Validation)


Recommended Posts

Hey everyone!

I'm trying to find the best way to clean some incoming POSTed data (to protect me from the bad guys of course), and was wondering if htmlentities is doing anything useful for me if I'm just going to strip the incoming data of everything except letters and numbers anyway.

 

Question #1: Can the htmlentities line be removed without affecting security in any way?

 

Question #2: Is using preg_replace like this an effective way to secure my website from this incoming data?

 

 

$name_dirty = htmlentities($_POST['name'], ENT_QUOTES);

$name_cleaned = preg_replace('#[^A-Za-z]#i', '', $name_dirty);

 

 

Thank you Developer-Guru's! :)

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...