Hello everyone. I need help to protect my insert form from special characters as those (~!@#$%^&*()_+=][’;/.,<>., (AND CAPITAL LETTERS)) I tried everything but it didn’t work. Here is a basic example of my project.
(the form work perfectly, I can see the posted messages in the database)
1st php page
[php]
$HOST=“"
$USERNAME="”
$PASSWORD=“"
$DB_NAME="”
$TABLE_NAME="******"
Mysql_connect(…)
mysql_select_db(…)
//get value from insert form
$name=$_POST[‘name’];
//remove special characters
$name = htmlentities($name) ;
$sql=“INSERT INTO $tbl_name(name)VALUES(’$name’)”;
$result=mysql_query($sql);
// if successfully insert data into database, displays message “Successful”.
if($result){
echo “Successful”;
echo “
”;
echo “Back to main page”;
}
else {
echo “ERROR”;
}
// close connection
mysql_close();
[/php]
2nd php page:
[php]
[/php]
Please help me to remove special characters from being send to my MySQL database. I want to allow only those characters (a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Also, if you can tell me how to prevent my form from sql injections it will be great If you can add a captcha to that form, it will be cool 2. thank for helping 