Hello All -
I'm writing a script that does the following:
1. takes $_POST vars from a guestbook and contact form
3. all field data gets run through htmlentities and is quarantined pending admin authorization
I'm using preg_replace (not preg_match) to highlight the above characters via span pairs.
While I guess this is a good start, would anyone be willing to share a comprehensive pattern that would catch most of the "bad stuff" thrown at HTML forms?
Thanks to all in advance
PS: Some of the "bad" test strings I'm using contain URLs and links surrounded by square brackets.
What are these items?
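
The flow described in the post above (escape every field, then highlight suspicious pieces with span pairs for the admin review queue), as an added example that is not the poster's script. The field names, the `flag` CSS class and the pattern are assumptions; the pattern covers only bracketed `url`/`link` tags (BBCode-style markup) and bare http(s) URLs, since the post's own character list is not shown.

```php
<?php
// Added example; not code from the original post.

// Constructed sample submission standing in for $_POST (hypothetical field names).
$post = [
    'name'    => 'Bob <script>alert(1)</script>',
    'message' => 'Nice site! [url=http://example.test/a?x=1&y=2]cheap[/url] '
               . 'and [link=http://example.test/b]more[/link]',
];

/**
 * Escape one field for HTML output, then wrap bracketed url/link tags and
 * bare URLs in a span so they stand out on the admin review page.
 */
function flag_field(string $raw): array
{
    // 1. Escape first, so nothing the visitor typed can become markup.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Highlight on the already-escaped text. Doing it in the other order
    //    would escape the spans themselves. The only real tags in the
    //    result are the spans added here.
    $pattern = '~\[/?(?:url|link)\b[^\]\r\n]*\]|\bhttps?://[^\s\[\]<>]+~i';
    $marked  = preg_replace($pattern, '<span class="flag">$0</span>', $safe, -1, $hits);

    if ($marked === null) {
        // Regex engine error: keep the escaped text and force manual review.
        return ['html' => $safe, 'hits' => -1];
    }
    return ['html' => $marked, 'hits' => $hits];
}

// Build the quarantine queue: every entry stays "pending" until an admin
// approves it, whether or not anything was flagged.
$queue = [];
foreach ($post as $field => $value) {
    $result  = flag_field((string) $value);
    $queue[] = ['field' => $field, 'status' => 'pending'] + $result;
}

foreach ($queue as $entry) {
    printf("%s [%s, %d flagged]\n  %s\n",
        $entry['field'], $entry['status'], $entry['hits'], $entry['html']);
}
```

The highlighting only helps the reviewer see what was submitted; the escaping step and the pending status are what keep unapproved input from being rendered as markup.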