I was wondering if this PHP is secure enough to filter out and sanitize whatever input someone might enter into an About Me which restricts no characters...
Also any advice on what characters i should restrict for an About me or a type of field that would be on someones profile?
// This content would be in Index.php
// Head of the document and PHP
$aboutMe = $_POST['aboutMe'];
// Check if About me is valid
if($aboutMe) {
if(!validUserInput($aboutMe)) {
throw new Exception("About me contains illegal characters.");
}
else if(validUserInput($aboutMe)) {
// Echos are here only for testing...
echo "<pre>";
echo $aboutMe;
echo "</pre>";
}
}
// PHP function
//++++++++++++++++++++++++++++++++++++
// Validate a users input
//
// Check that a users input is ok
function validUserInput(&$userInput) {
$userInput = htmlentities($userInput);
$userInput = nl2br($userInput, true);
if($userInput) {
return $userInput;
}
else {
return false;
}
}
//++++++++++++++++++++++++++++++++++++
Also any advice on what characters i should restrict for an About me or a type of field that would be on someones profile?
// This content would be in Index.php
// Head of the document and PHP
$aboutMe = $_POST['aboutMe'];
// Check if About me is valid
if($aboutMe) {
if(!validUserInput($aboutMe)) {
throw new Exception("About me contains illegal characters.");
}
else if(validUserInput($aboutMe)) {
// Echos are here only for testing...
echo "<pre>";
echo $aboutMe;
echo "</pre>";
}
}
// PHP function
//++++++++++++++++++++++++++++++++++++
// Validate a users input
//
// Check that a users input is ok
function validUserInput(&$userInput) {
$userInput = htmlentities($userInput);
$userInput = nl2br($userInput, true);
if($userInput) {
return $userInput;
}
else {
return false;
}
}
//++++++++++++++++++++++++++++++++++++