Menu
Community /Pin to ProfileBookmark
@NogDogMay 27.2012 — #If your aim in this case is to remove all non-alpha characters:
However, in most cases it's better to simply validate that the field contains the correct type of data and if not return an error to the user, rather than assume you know what they meant to type in and silently change it without the user being given a chance to correct it (see the aforementioned ctype_alpha() in this case).
Best way to secure $_GET & $_POST
Me again.
What is the most effective way to secure such data?
I made this, it seems to work, but i dont feel its secure.
[code=php]
function Secure($str){
$arr = str_split($str,1);
$sec = ”;
foreach ($arr as $a){
if ($a >= ‘a’ && $a <= ‘z’ ) $sec = $sec . $a;
elseif ($a >= ‘A’ && $a <= ‘Z’ ) $sec = $sec . $a; }
return $sec; }
Any data i receive should only ever contain letters.
Is this secure?
Could it be better?
Thanks.
Sign in
to post a comment4 Comments(s) ↴
0
@NogDogMay 27.2012 — #If your aim in this case is to remove all non-alpha characters:[code=php]
return preg_replace('/[^a-zA-Z]/', '', $str);
[/code]However, in most cases it's better to simply validate that the field contains the correct type of data and if not return an error to the user, rather than assume you know what they meant to type in and silently change it without the user being given a chance to correct it (see the aforementioned ctype_alpha() in this case).