Helo,
I have to process several forms, after validation. I also need to keep it secure. I shall use MySQL.
Now, I have been trying to use a modified example for the form submission. What I found was that, when I use a TEXTAREA, whenever there are linebreaks, it replaces them with <br />. When I resubmit it, it adds more <br />s. So I tried to get rid of them *while displaying in the TEXTAREA* in the following way:
$pap_abstract = preg_replace('=<br */?>=i',"",$pap_abstract);
|
But it still shows <br /> in the context of TEXTAREA, but it removes any extra <br />s. So it appears that it removes all, but TBS is adding <br /> before it displays. (Incidentally, it seems to be correctly handling special characters and script insertion attempts..., though I am not sure if it was TBS or the PHP daemon that is doing it...
As it looks odd to have <br /> lines in the value of a text box, is there a way to remove the same?
More over, if I take some input from the user and try to run a MySQL query..., PHP itself adds some security with magicquotes. I want to remove the extra slashes and do mysql_real_escape_string.
From this perspective, as I have noticed that TBS already seems to be doing some processing, could you please tell what is required to process for security?