Sanitising for HTML from a form POST

If server magic quotes is turned on then it will add / before a single and double quotes in the text, so strip them out first:

  $MyTextField = trim($_POST['MyTextField']);
  $MyTextField = stripslashes($MyTextField);
  $MyTextField = htmlspecialchars($MyTextField, ENT_QUOTES);

\n new line characters will still be stored as \n (htmlspecialchars() doens’t convert them to <be>). You can convert them now using nl2br() or when you display the text again (usually better to do when displaying as HTML, not when storing to db).

When outputting multiline text – Convert \n character to <br> when displaying text within page html output
  $MyTextField = Results['MyTextField'];
  $MyTextField = nl2br($MyTextField);    //Convert '\n' to <br>
Removing new lines in a text box
$MyText = str_replace("\r\n"," ", $MyText);
$MyText = str_replace("\n"," ", $MyText);
Removing other characters
  $MyTextField = str_replace("\t"," ", $MyTextField);

Other slashes functions that are available

We benefit hugely from resources on the web so we decided we should try and give back some of our knowledge and resources to the community by opening up many of our company’s internal notes and libraries through mini sites like this. We hope you find the site helpful.
Please feel free to comment if you can add help to this page or point out issues and solutions you have found, but please note that we do not provide support on this site. If you need help with a problem please use one of the many online forums.


Your email address will not be published.