Re: What chars are considered safe?
From: Chung Leong (chernyshevsky_at_hotmail.com)
Date: 02/28/05
- Next message: Chung Leong: "Re: PHP Script - Efficient use of execution time"
- Previous message: Chung Leong: "Re: OT (possibly): Scheduled actions"
- In reply to: Derek Fountain: "What chars are considered safe?"
- Next in thread: NC: "Re: What chars are considered safe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 28 Feb 2005 12:49:02 -0500
"Derek Fountain" <nospam@example.com> wrote in message
news:4222625c$0$4768$5a62ac22@per-qv1-newsreader-01.iinet.net.au...
> I was just writing a sanitisation route for a bit of user input. The data
> is an English text description of a product, and will go into a DB, then
> back out to other users' browsers.
>
> As per normal practice, I was working on the basis of leaving in all
> characters that I considered safe and stripping out everything else. This
> led me to think of what characters are actually safe, given that the user
> will want to be able to use at least basic punctuation, currency symbols
> and so on. Avoiding < and > seemed obvious, but most other things have a
> use I think.
>
> My current line looks like this:
>
> $data = preg_replace( '/[^\s\w\d@"\'()\[\]{}:#~!$%&*_+.,-]/', "", $data );
>
> (Note that's a list of chars that are *not* to be replaced.) Are any of
> these dangerous? Or have I left out some that are harmless and should be
> in there?
What encoding are you using? None of the characters above (maybe except 255)
is special, so I think they can be safely included. People like to have their
curly quotes and m-dashes.
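
Added example, not part of the original posts: the allow-list from the question with `[` and `]` escaped and the hyphen placed last so the character class parses as intended, made encoding-aware so curly quotes and dashes survive. It assumes input and storage are UTF-8 and that the mbstring extension is loaded; the function names, the extra code points and the escape-on-output step are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes the application uses UTF-8 end to end.

// Returns the text with everything outside the allow-list removed,
// or null when the input is not valid UTF-8 (reject rather than guess).
function filter_description(string $data): ?string
{
    if (!mb_check_encoding($data, 'UTF-8')) {
        return null;
    }
    // Allow-list from the question, with [ and ] escaped so the class is
    // not closed early and - placed last so it is not read as a range.
    // \p{L}\p{N} stand in for \w\d so accented letters survive; the
    // \x{...} entries (curly quotes, en/em dash, pound, euro) are additions.
    $allowed = '\s\p{L}\p{N}@"\'()\[\]{}:#~!$%&*_+.,'
             . '\x{2018}\x{2019}\x{201C}\x{201D}\x{2013}\x{2014}\x{A3}\x{20AC}-';
    return preg_replace('/[^' . $allowed . ']/u', '', $data);
}

// The allow-list still contains ", ' and &, which are significant in HTML,
// so the stored text is escaped at the point it is written into a page.
function render_description(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    "Fish & chips \u{2014} only \u{A3}5 <b>today</b>",
    "5\u{201D} screen, \"as new\", it's boxed",
    "caf\xE9 table",   // ISO-8859-1 byte sequence, not valid UTF-8
];

foreach ($samples as $s) {
    $clean = filter_description($s);
    echo $clean === null
        ? "rejected: invalid UTF-8\n"
        : render_description($clean) . "\n";
}
```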