do you have a function already assembled that you tend to use throughout your applications in order to sterilize inputted text? care to post it? i cover some things, but i'm sure i'm missing others...and i'm sure google would have some, but i kinda like you guys

6/16/2008 4:10:19 PM

You mean like mysql_real_escape_string()?

6/16/2008 4:12:50 PM

yes...but what if you're not using mysql?

my experience is limited - i suppose there's a version of that for all types of sql databases

6/16/2008 4:25:42 PM

there's addslashes() too. but really, neither of these provides particularly excellent sanitation. i don't have any recommendations beyond these, but just keep in mind they aren't perfect

6/16/2008 4:42:13 PM

do y'all recommend converting carriage returns into <br /> tags?

6/16/2008 4:46:14 PM

all depends on what you're doing with the inputted text

i've always been partial to paragraphs

function nl2p($text) {
   return preg_replace("/<p>\s*</p>/", "", "<p>".preg_replace("/\r?\n/", "</p><p>", $text)."</p>"));
}

6/16/2008 4:50:52 PM

^^ maybe on the output side, but not on the db side

6/16/2008 4:52:43 PM