how to stop people entering stuff which causes errors

Forum Moderators: coopster

Message Too Old, No Replies

how to stop people entering stuff which causes errors

special characters

HelenDev

9:17 am on May 20, 2004 (gmt 0)

I've noticed that when people enter stuff into the search box on my site, some characters cause error messages to appear. The ones I've noticed so far are ' and % (which really causes havoc!). I need to strip these out and be aware of any other characters I should watch out for. Funnily enough characters like " and @ seem to be fine.

I've put this code in which strips out ' but not % for some reason...

//stripslashes function 
$searchtext = stripslashes($searchtext) ;
// don't let em put in nasty tings
$nastytings = array("%","'");
$searchtext = str_replace($nastytings,"",$searchtext);

Can anyone tell me

a)how I can make this work for %
b)why some characters cause problems and some don't
c)is there a php function to do this a whole lot simpler

Thanks,

Helen.

venelin13

11:51 am on May 20, 2004 (gmt 0)

Hello, your code works for me perfectly. Well, you may see these functions

htmlentities() [php.net]

and

htmlspecialchars() [php.net]

HelenDev

1:13 pm on May 20, 2004 (gmt 0)

Thanks venelin13.

You're right, the code does work, I was putting it too late in the page, doh! I have now used htmlentities as well.