PHP beginner here again...
I want to validate names of people and cities, as user input. Some names will have special characters. (Jónsdóttir, Québec, etc.)
I realize I really cannot stop someone from inputting:
Mickey Mouse, Orlando, Florida
in the first-name, last-name, city, and state fields...
But, it would be nice to keep out
JJ#*#H, 1=1, DROP TABLE CUSTOMER--
In addition to using mysql_real_escape_string() on each field, what else makes sense to try to stop some nonsense input?
(The member does have to input a real email address, and a validation code is sent there. But, as we all know, someone can have as many email addresses as they want.)
Is this strategy (along with mysql_real_escape_string) enough:
That is just a partial list. Should I add in all the special characters that I want to allow - that is, special characters that could be in names of cities and people around the world?
Obviously, that list doesn't include Chinese, Japanese, Vietnamese, etc. characters... but I have not really seen a US-based website where people's names were shown in Mandarin Chinese, for example. I would think it is typical Americentric bad etiquette to force people to anglicize their names... but again, it is a US-based website.
Thanks for any ideas on how to handle this both from a (server-side PHP) security standpoint, and for a friendly way for the site to take and display the names of people using the special characters they normally use.
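
An added example, not part of the original post: one way to allow-list name characters by Unicode category instead of enumerating each accented letter, and to store the result with a bound parameter rather than string escaping. The names `NAME_PATTERN`, `validateName` and the `customer` table are hypothetical, PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs offline, and the `mbstring` and `pdo_sqlite` extensions are assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Allow-list for a name or city: runs of Unicode letters (\p{L}) and
// combining marks (\p{M}), joined by one space, apostrophe, period,
// hyphen, or ". " (as in "St. Louis"), with an optional final period.
const NAME_PATTERN = '/^[\p{L}\p{M}]+(?:(?:\. |[ \x27’.\-])[\p{L}\p{M}]+)*\.?\z/u';

function validateName(string $raw, int $maxLen = 60): ?string
{
    // Reject invalid UTF-8 outright rather than guessing at the bytes.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Collapse runs of whitespace and trim the ends before matching.
    $name = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    if ($name === '' || mb_strlen($name, 'UTF-8') > $maxLen) {
        return null;
    }
    return preg_match(NAME_PATTERN, $name) === 1 ? $name : null;
}

// Constructed sample inputs, including the strings quoted in the question.
$samples = ['Jónsdóttir', 'Québec', "O'Brien", 'St. Louis', 'JJ#*#H', '1=1', 'DROP TABLE CUSTOMER--'];

// In-memory SQLite is an assumption made so the example is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (last_name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO customer (last_name) VALUES (:last_name)');

foreach ($samples as $raw) {
    $name = validateName($raw);
    if ($name === null) {
        echo "rejected: $raw\n";
        continue;
    }
    // Bound parameter: the value travels as data, so the quote in O'Brien cannot alter the SQL.
    $insert->execute([':last_name' => $name]);
    // Escape for HTML only at output time, not before storage.
    echo 'stored: ', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
}
```

The pattern only filters out nonsense input; a string made of ordinary letters and spaces still passes it, so the bound parameter is what keeps input from being interpreted as SQL.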