Checking form input

How to check the input of forms?

         

turbohost

8:29 am on Aug 31, 2004 (gmt 0)


Hi,

I'm currently building a website with a few forms in php and mysql. How can I best check the input of the forms so it cannot be misused (e.g. for mysql injection hacks)? Up till now I replaced all the 'illegal' characters with a NULL value. I've got to check text, decimal numbers, integers and urls.

Turbo

toltec75

9:59 am on Aug 31, 2004 (gmt 0)


Well I use JavaScript!

You can use Reg Expression Object in which you can define specifically the characters the user can place!

Then there are some other functions like IsNaN (is not a number) that checks if there is anything else than a number inside the field, etc...

There are also mechanisms inside PHP but I'm pretty unfamiliar with those, so if this doesn't help you I'm sorry!
JavaScript serves me fine so I guess you could check out the JavaScript forum! :)

turbohost

10:41 am on Aug 31, 2004 (gmt 0)


Hi toltec75,

I really want to do this in php :->

Turbo

toltec75

10:49 am on Aug 31, 2004 (gmt 0)


Well I'm sorry then! ;)

turbohost

11:07 am on Aug 31, 2004 (gmt 0)


Someone else?

jetboy_70

11:26 am on Aug 31, 2004 (gmt 0)


There's a page in the PHP manual specifically relating to SQL injection:

[php.net ]

Basically, if you're expecting a particular type of input (alphanumeric or numeric) then check for it, or convert it; if you're expecting a particular format of input (URL or email address etc.) then use a regular expression to check for it; use addslashes on any data that gets written to the database; limit the site's permissions so database deletions and other catastrophic commands cannot be run.

As you no doubt know, using Javascript for form checking in this kind of scenario is not realistic, as it can easily be switched off. However, using both PHP server-side validation and Javascript client-side checking to enhance usability is a nice touch.
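
As an added example (editor's code, not from any poster in this thread), here is how the server-side checks described above could be written in modern PHP for the four input kinds turbohost listed: text, decimal numbers, integers and URLs. Each field is validated against a declared type, rejected values are reported per field, and the clean values are stored through a PDO prepared statement with bound parameters rather than escaped with addslashes. The `products` table, its columns, the schema array and the connection details are assumptions made for the example.

```php
<?php
// Added example: typed server-side validation of form fields, then a
// parameterised INSERT. Table, columns and credentials are assumptions.
declare(strict_types=1);

// Return the validated value, or null when the field is rejected.
function validate_field(string $kind, ?string $raw)
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);

    switch ($kind) {
        case 'int':
            // Optional sign and digits only; "12abc", "1e3" and "0x1f" are rejected.
            $v = filter_var($raw, FILTER_VALIDATE_INT);
            return $v === false ? null : $v;

        case 'decimal':
            // Plain decimal such as 12.50; no exponent, no hex, bounded length.
            return preg_match('/^-?[0-9]{1,10}(\.[0-9]{1,4})?$/', $raw) === 1 ? $raw : null;

        case 'url':
            // Must parse as a URL with a host, and only http/https are accepted.
            $v = filter_var($raw, FILTER_VALIDATE_URL);
            if ($v === false) {
                return null;
            }
            $scheme = strtolower((string) parse_url($v, PHP_URL_SCHEME));
            return in_array($scheme, ['http', 'https'], true) ? $v : null;

        case 'text':
            // Length cap plus a whitelist of printable characters. Apostrophes are
            // allowed because quoting is the database layer's job, not the validator's.
            if (strlen($raw) === 0 || strlen($raw) > 200) {
                return null;
            }
            return preg_match('/^[\p{L}\p{N} .,;:!?\'"()@\/-]+$/u', $raw) === 1 ? $raw : null;

        default:
            throw new InvalidArgumentException("unknown kind: $kind");
    }
}

// Validate a whole submission against a schema of field => kind.
// Returns [clean values, errors keyed by field].
function validate_form(array $schema, array $post): array
{
    $clean = [];
    $errors = [];
    foreach ($schema as $field => $kind) {
        $value = validate_field($kind, $post[$field] ?? null);
        if ($value === null) {
            $errors[$field] = "invalid $kind";
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Store with a prepared statement: the values are sent separately from the SQL
// text, so they can never change the structure of the query.
function store_product(PDO $db, array $clean): void
{
    $stmt = $db->prepare(
        'INSERT INTO products (name, price, quantity, homepage)
         VALUES (:name, :price, :quantity, :homepage)'
    );
    $stmt->execute([
        ':name'     => $clean['name'],
        ':price'    => $clean['price'],
        ':quantity' => $clean['quantity'],
        ':homepage' => $clean['homepage'],
    ]);
}

// Constructed sample submission (in a real form this would be $_POST).
// The homepage value has no host and is not http/https, so it is rejected.
$schema = ['name' => 'text', 'price' => 'decimal', 'quantity' => 'int', 'homepage' => 'url'];
$post = [
    'name'     => "O'Reilly Widget",
    'price'    => '12.50',
    'quantity' => '3',
    'homepage' => 'javascript:alert(1)',
];
[$clean, $errors] = validate_form($schema, $post);
print_r($errors);

if ($errors === []) {
    // Assumed connection details; emulated prepares are turned off so the
    // MySQL server itself separates the statement from the parameters.
    $db = new PDO('mysql:host=localhost;dbname=shop', 'shop_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    store_product($db, $clean);
}
```

The validator answers only "is this the kind of value I expect?"; it deliberately does not try to strip or escape quote characters, because once the value is bound as a parameter its content is irrelevant to the SQL. Rejecting rather than silently rewriting input also keeps the error visible to the user and to your logs.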

jetboy_70

11:36 am on Aug 31, 2004 (gmt 0)


As an example, a regular expression function used for checking URLs (which may be a little out of date now, as I haven't checked it against the current list of TLDs):


// Check for valid URL.
// eregi() was removed in PHP 7, so this uses preg_match() with the /i flag;
// the pattern is the same: http://, a dotted host ending in a listed TLD or
// a two-letter country code, then an optional path.
function api_is_url($input)
{
    if ($input) {
        $pattern = "#^http://[-a-z0-9]+(\.[-a-z0-9]+)*\.(com|edu|gov|int|mil|net|org|biz|info|name|museum|coop|aero|[a-z][a-z])(/[-a-z0-9_:\@&?=+,.!/~*'%\$]*)*$#i";
        if (preg_match($pattern, $input)) {
            return 1;
        }
    }
    return 0;
}