Hi Larry,
Greg again. Once more, my apologies for posting questions in the comments forum of your book. At your suggestion I moved them here:
I’ve noticed that you suggest the use of ctype and filter. However, many people have noticed errors with internationalization. I personally am inclined to use regular expressions to blacklist, whitelist and validate. I (recursively) eliminate the control characters from all user data, then resolve the magic quotes issue, then validate, then typecast the result, then filter with mysqli_real_escape_characters if it has to go to a database. Is this a redundant effort?
For example, if no control characters are allowed from the beginning, there is no chance of mail injection (like your “scrubber” function in the other book to deal with mail injection).
Then a \p{L} will assure me, for example, that I will have only letters in any language, or just from a particular language like \p{Thai}. Is this approach bad? What benefits could ctype and filter possibly give me compared with a class that performs what I mentioned? Basically, regular expressions against new (and still buggy at this time) PHP functions. Thank you, and I’ll appreciate it if you’re kind enough to answer.
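
The first two stages of the pipeline described in the post above (recursive control-character stripping, then Unicode-property whitelisting), sketched in PHP as an added example that is not part of the original post or the book. The function names `strip_control_chars` and `is_letters_only`, the script whitelist and the sample input are constructed for illustration.

```php
<?php
// Recursively remove control characters (Unicode category Cc) from user data.
// Note: Cc includes tab, CR and LF, so this suits single-line fields such as
// mail subjects or names, not free-text bodies that may contain newlines.
function strip_control_chars($data)
{
    if (is_array($data)) {
        return array_map('strip_control_chars', $data);
    }
    if (!is_string($data)) {
        return $data;
    }
    // With the /u flag PCRE treats the subject as UTF-8; on malformed UTF-8
    // preg_replace() returns null, which is treated here as "reject".
    $clean = preg_replace('/\p{Cc}+/u', '', $data);
    return $clean === null ? '' : $clean;
}

// Whitelist check: the whole string must consist of letters (\p{L}) or of
// characters belonging to one named script such as \p{Thai}.
function is_letters_only(string $value, string $script = 'L'): bool
{
    // $script is interpolated into the pattern, so limit it to a fixed set.
    $allowed = ['L', 'Latin', 'Thai', 'Cyrillic', 'Greek'];
    if (!in_array($script, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported script');
    }
    // \A and \z anchor the entire string; "$" would tolerate a trailing newline.
    return preg_match('/\A\p{' . $script . '}+\z/u', $value) === 1;
}

// Constructed sample input: a subject carrying CR/LF and two names.
$input = [
    'subject' => "Hello\r\nBcc: someone@example.com",
    'names'   => ['José', 'สวัสดี'],
];

$clean = strip_control_chars($input);
var_dump($clean['subject']);                           // CR/LF removed, one line
var_dump(is_letters_only($clean['names'][0]));         // precomposed Latin letters
// The Thai sample contains combining vowel signs (category Mn, not L), so the
// two checks below differ: \p{L} alone rejects it, \p{Thai} accepts it.
var_dump(is_letters_only($clean['names'][1]));
var_dump(is_letters_only($clean['names'][1], 'Thai'));
```

Escaping for the database is a separate, final step applied at the point of use and is not shown here.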