Keeping Whitespace But Remove Characters PHP

JamesU2005 · 15 Jan 2008 at 11:56

I'm inserting some values into a MySQL database but want to remove any suspicious characters whilst preserving whitespace.

Would just mysql_real_escape_string be sufficient in terms of security?

Cheers.

Augmented · 15 Jan 2008 at 12:19

Yes, but it won't actually remove any characters, just escape them so they'll be safe to use in a MySQL query.

If you want to remove particular characters, you need to write an expression to filter them out specifically. How you write that depends on what you consider 'suspicious'. Do you just want numbers, just letters, just uppercase characters, no punctuation etc.

JamesU2005 · 15 Jan 2008 at 12:36

Well I want to keep numbers and letters (Upper and Lower case are fine), plus punctuation such as Full stop, question mark and exclamation mark.

Everything else such as Quotes etc would rather remove.

I've tried looking on Google and most of the 'replace strings' remove whitespace aswell.

m1ke · 15 Jan 2008 at 15:15

http://uk3.php.net/str_replace should do it. You can create an array of 'suspicious' char's you want to remove and replace any instance of them with nothing.

Inquisitor · 15 Jan 2008 at 15:22

JamesU2005 said:
Everything else such as Quotes etc would rather remove.

Why do you want to do that? They're perfectly safe as long as they're escaped appropriately.