I've got a question a bit like Q_21585750.html. I've got a website where entries from textareas are saved to a MySQL database, and can later be viewed and edited.
I've got some code to reduce the risk of errors/malicious entries. I use the code in a function applied to all text entered in the website (that may come from textareas or text boxes). I also use it to check any text variables picked up using $_GET.
$pattern = "/[^a-zA-Z0-9\.\!\-\_\?\@\\r\,\ \)\(\']/";
$value=preg_replace($pattern, "", $value);
My first problem was that the MySQL database generated errors when strings contained the ' character. I can resolve that by adding the following rows to the function:
$pattern2 = "/[']/";
$value=preg_replace($pattern2, "\'", $value);
However, when I reload the information in a textarea to edit it, it gets cut short at the point where the ' appears. Just wondering if there's a good way to get round this problem?
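
An added example, not part of the original post: storing the text through a bound parameter and HTML-encoding it only when it is written back into the form, so a ' needs no manual escaping in either place. The table and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the block runs offline; it assumes the truncation comes from the quote ending an SQL literal or an HTML attribute.

```php
<?php
// Added example, not the poster's code. Table, column and function names are hypothetical.
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing the characters that caused trouble.
$submitted = "It's a \"test\" <b>entry</b> & more";

// Store: the value travels as a bound parameter, never as part of the SQL text,
// so quotes cannot break the statement and no backslashes end up in the data.
function save_entry(PDO $pdo, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO entries (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Load: the id (for example from $_GET) is also bound, and typed as int.
function load_entry(PDO $pdo, int $id): ?string {
    $stmt = $pdo->prepare('SELECT body FROM entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Output: encode for HTML at the point of display. ENT_QUOTES covers both
// ' and ", so the value cannot close a value='...' or value="..." attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$id     = save_entry($pdo, $submitted);
$stored = load_entry($pdo, $id);

// The database returns exactly what was submitted.
var_dump($stored === $submitted);

// Safe to place in a textarea body or a quoted attribute for editing.
echo "<textarea name='body'>" . h($stored) . "</textarea>\n";
echo "<input type='text' name='title' value='" . h($stored) . "'>\n";
```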