html characters

ralitza

04-29-2006, 11:50 PM

i am currently using the following to validiity form fields
$email=stripslashes(htmlspecialchars($_POST['email']));

thats fine and all, but i would like the user to be able to login using their email but htmlspecialchars filters out @. what is another way to secure my forms but allow users to login with their email?

chump2877

04-29-2006, 11:58 PM

don;t think htmlspecialchars converts the @ symbol: http://us2.php.net/manual/en/function.htmlspecialchars.php

you sure you're not using htmlentities(http://us2.php.net/manual/en/function.htmlentities.php)?

Muhammad Haris

04-30-2006, 12:20 AM

function myurlencode ( $TheVal )
{
return urlencode (str_replace("@","%40",$TheVal));
}

$email= myurlencode($_POST['email']);

this could help you maybe?

trib4lmaniac

04-30-2006, 05:11 PM

Why do you need to filter out HTML characters anyway? You only need to escape data before you output it (for this sort of validation anyway; you still need to check for things like SQL injections in certain cases).

ralitza

05-05-2006, 09:57 PM

what should i use that is both secure and allows member to use their email as their login?