a question on server-side validation 2

[tiamat2012]

Hey all,

My client has requested that I allow certain symbols in the forms. The only problem is that if I try to insert the strings with symbols such as an apostrophe or a quote, it will cut off the MySQL statement (using a MySQL database).

My solution is to change the code to special characters (like instead of a " mark it would be " so it is displayed the same way but not processed in the MySQL.)

Also I was wondering if there were a list of symbols that affect PHP/MySQL (like I know ", ', $) but if it was only a few then I would only have to do those specific ones.

Does anyone have a good basis for doing this or any useful functions that would help?

-Kerry

 

[Vragabond]

I think a good deal of work on that has already been done and you can just use this simple function to convert all your dubious characters: htmlentities().

 

[jpadie]

@Vragabond: would you recommend htmlentities() for database entry over simple escaping of the relevant characters?

 

[Vragabond]

I work with a lot of special characters and have noticed that the easiest and full-proof scheme is to convert all of them to entities. This way you're assured best cross-browser compatibility, validity of the html document and have never any problems with something that was unforseen.

 

[jpadie]

thanks. that's useful.

 

[tiamat2012]

Awesome! That's perfect, thank you.

-Kerry