0

I was checking for an answer to only accept certain type of characters and ignoring some.

I found a link in stack itself, here

But, even though that prevents from entering the data in text box, anyone with a little knowledge of how to inspect the content and delete the pattern from client side will allow it to enter any detail it wants and send to database.

Is there any way I can prevent it for my website? I don't want certain characters like space, semicolon, etc.

Frontend in html & php Backend in MySQL

remedcu
  • 526
  • 1
  • 10
  • 31

2 Answers2

1

First of all, You can define a type for each column in your database, for example, if you set type as integer - you won't be able to insert anything else.

Let us assume you're looking to "filter" or manipulate strings in your database - I Would make a regex to replace any unwanted character from the string and the insert it into database.

MyLibary
  • 1,763
  • 10
  • 17
1

It could be done with pattern attribute on clients side, but HTML5 textarea element does not support the pattern attribute.

The another way is to use JavaScript (as you mentioned) 

var text = $('textarea').val();
var expres = /[^a-zA-Z0-9\!\@\#\$\%\^\*\|]+/;
if(expres.test(text)){       
     //... some action
}

If you would like to replace invalid characters, you can use jQuery function replace() which is similar to preg_replace() in PHP and it accepts regular expresions.

You could check validity on server side (in PHP) too (before inserting the values to db)

preg_replace("/[^A-Za-z0-9 ]/", '', $string);
Jax-p
  • 7,225
  • 4
  • 28
  • 58