Question about str_replace

Hi all,

Got a question about replacing values and such from form inputs.

Basically, I’d like to stop SQL injections and form hijacking. At the moment, I’ve restricted what the user can put in, in terms of characters. I’ve disallowed ’ but I was thinking of replacing certain characters, like any &'s to & and escape ’ and " to ’ and " so the user can use them in their comment, such as normal grammar, example - “hello, I’m an elf!”

I have a vague idea on what to do but is there any better way of going about this?

Thanks

:slight_smile:
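As an added example (not code from the original post), this is the usual defender's answer in PHP to the question above: keep the comment text unchanged, hand it to the database through a prepared statement instead of building the SQL string with `str_replace`, and escape for HTML only at output time. The `comments` table, its `body` column and the connection details are assumed placeholders.

```php
<?php
// Added example, not from the original post. Assumes a MySQL table
// `comments` (int `id`, text `body`); DSN and credentials are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// The approach the post describes: replace "dangerous" characters, then
// concatenate. The query text and the user's data still share one string,
// so any character the list misses, or a charset quirk, changes the query.
function save_comment_by_filtering(PDO $pdo, string $comment): void
{
    $filtered = str_replace(["'", '"'], ['&#39;', '&quot;'], $comment);
    $pdo->exec("INSERT INTO comments (body) VALUES ('$filtered')"); // fragile
}

// Prepared statement: the SQL is fixed before the data is supplied, so
// quotes, ampersands or semicolons in $comment cannot alter its meaning.
// The raw text (e.g. hello, I'm an elf!) is stored as typed.
function save_comment(PDO $pdo, string $comment): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $comment]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// Escape for the HTML context only when rendering: & ' " < > become entities,
// so a comment cannot inject markup, while the stored data stays readable.
function render_comment(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

$id = save_comment($pdo, $_POST['comment'] ?? '');
echo render_comment(load_comment($pdo, $id) ?? '');
```

Escaping for SQL and escaping for HTML are different jobs; doing the HTML escaping on input (as the post proposes) stores entity text in the database and still leaves the SQL string vulnerable.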