Hello everyone. I need help to protect my insert form from special characters as those (~!@#$%^&*()_+=][\';/.,<>., (AND CAPITAL LETTERS)) I tried everything but it didn't work. Here is a basic example of my project.
(the form work perfectly, I can see the posted messages in the database)
1st php page
$HOST="*******"
$USERNAME="*******"
$PASSWORD="********"
$DB_NAME="********"
$TABLE_NAME="******"
Mysql_connect(...)
mysql_select_db(...)
//get value from insert form
$name=$_POST['name'];
//remove special characters
$name = htmlentities($name) ;
$sql="INSERT INTO $tbl_name(name)VALUES('$name')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='members.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
// close connection
mysql_close();
2nd php page:
<html>
<form name="form1" method="post" action="insert.php" >
<input name="name" maxlength="15" type="text" id="name"></td>
<input type="submit" name="Submit" value="Submit"></td>
</form>
</html>
Please help me to remove special characters from being send to my MySQL database. I want to allow only those characters (a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Also, if you can tell me how to prevent my form from sql injections it will be great If you can add a captcha to that form, it will be cool 2. thank for helping
