[nycphp-talk] Best practice for escaping data
Randal Rust
randalrust at gmail.com
Thu Feb 15 20:04:47 EST 2007
On 2/15/07, Chris Shiflett <shiflett at php.net> wrote:
> I'm wondering if you use it for completely free-form data, where you
> don't have any particular rules that you can enforce.
Yes, that's what I use it for. Particular fields that I pass through
it are headline, subheadline, description -- basic fields for a news
article.
> You mentioned other functions for specific types of input.
Here is an example:
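function validateNumeric($value){
    // Trim first so surrounding whitespace does not fail the check
    $value=trim($value);
    // preg_match() returns 1 when the whole string is digits, 0 otherwise
    $pass=preg_match('/^[0-9]+$/', $value);
    return $pass;
}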
And this one, which uses some things I picked up from your book:
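function validateAlpha($value){
    $value=trim($value);
    if(empty($value)){
        // Empty input (after trimming) never passes
        $pass=false;
    }
    else{
        // Earlier regex version (it also allowed hyphens), kept for reference:
        //$pass=preg_match('/^[a-zA-Z-]+$/', $value);
        // ctype_alpha() is true only if every character is a letter
        $pass=ctype_alpha($value);
    }
    return $pass;
}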
--
Randal Rust
R.Squared Communications
www.r2communications.com
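
The split discussed in this message (pattern checks for typed fields, no enforceable rule for free-form fields such as a headline) can be sketched as follows. This is an added example, not code from the original post: the function names filterDigits and filterAlpha, the length limit and the sample input are hypothetical, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: validators that return the checked value (or null), so the
// caller stores exactly the string that was validated.

function filterDigits($value, int $maxLen = 10): ?string
{
    if (!is_string($value)) {
        return null;   // e.g. id[]=1 arrives as an array; trim() cannot take it
    }
    $value = trim($value);
    // \A and \z match only the real start and end of the string; a bare $
    // would also match just before a trailing newline.
    if (strlen($value) > $maxLen || preg_match('/\A[0-9]+\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

function filterAlpha($value): ?string
{
    if (!is_string($value)) {
        return null;   // ctype_alpha() treats small integers as ASCII codes
    }
    $value = trim($value);
    return ($value !== '' && ctype_alpha($value)) ? $value : null;
}

// Constructed sample input standing in for $_POST.
$input = [
    'id'       => " 42\n",
    'author'   => 'Randal',
    'count'    => ['1'],
    'headline' => 'Budget vote: "yes" <b>wins</b> & more',
];

$clean = [
    'id'     => filterDigits($input['id']),
    'author' => filterAlpha($input['author']),
    'count'  => filterDigits($input['count']),
];

// A free-form field has no pattern to enforce, so it is escaped for the
// context it is written into (here, HTML) at output time.
$html = '<h1>' . htmlspecialchars($input['headline'], ENT_QUOTES, 'UTF-8') . '</h1>';

var_dump($clean);
echo $html, PHP_EOL;
```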