multiple characters needing removed

Alex Lord
Alex Lord used Ask the Experts™
Im using php but i have a problem, when allowing user to create a list they adding charaters they shouldnt, here is a list i collected below

. ; / ? ! " @ $ ()

how can i make sure non of these enter the database in one go instead of mutiple find and replaces ?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Daniel PineaultPresident / Owner CARDA Consultants Inc.
Distinguished Expert 2018

You can use preg_match() to detect them.  

What about using Javascript/JQuery on your page to block the characters in the first place?  See:


@Daniel Pineault would that be the best practice to use ?
President / Owner CARDA Consultants Inc.
Distinguished Expert 2018
First line of defense would be to control the entry on the page itself, then in PHP validate things.

str_replace() can accept an array so you should still be able to perform all you replacements with one line, so something like the following should work:
$string = str_replace(str_split('.;/?!"@$()'), '', $string)

Open in new window

You don't give too many details on the data itself, but perhaps, you may wish to look over Sanitize filters they can also be useful.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

nociSoftware Engineer
Distinguished Expert 2018

Bottom line: if you want to hetlp the use jquery etc. may help.
You will still need to strip the special characters if your API forbids them....
(Any API should enforce these checks on things it (dis)allows).

I would not rely on jQuery as it can be bypassed by user /  browser instead make sure you are using server side validation.
This will make sure it's will not save it.

I would not replaced it on the spot, it is better to inform user during the server side validation that those characters are not allowed.
You can also add a small text line under the field to inform what is not allowed to the user


thank you for the help this is just a basic input that i dont want special charaters to be passed into the backend

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial