Hello everyone. I need help to protect my insert form from special characters as those (~!@#$%^&*()_+=][\';/.,<>., (AND CAPITAL LETTERS)) I tried everything but it didn't work. Here is a basic example of my project.
(the form work perfectly, I can see the posted messages in the database)
1st php page
//get value from insert form
//remove special characters
$name = htmlentities($name) ;
$sql="INSERT INTO $tbl_name(name)VALUES('$name')";
// if successfully insert data into database, displays message "Successful".
echo "<a href='members.php'>Back to main page</a>";
// close connection
2nd php page:
<form name="form1" method="post" action="insert.php" >
<input name="name" maxlength="15" type="text" id="name"></td>
<input type="submit" name="Submit" value="Submit"></td>
Please help me to remove special characters from being send to my MySQL database. I want to allow only those characters (a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Also, if you can tell me how to prevent my form from sql injections it will be great If you can add a captcha to that form, it will be cool 2. thank for helping