gtzpower Posted April 28, 2008 Share Posted April 28, 2008 can anyone help me with this simple RegEx test? Here's my code: if (eregi("(\r|\n)", $_POST['email'])) { // block email injection attacks die("An error has occurred. Please verify that you have submitted a valid email address."); } else { echo $_POST['email']; } the resulting page shows \r\n (when I submit \r\n for the email address). I can't get the die to execute! However, if I do this: if (eregi("(\r|\n)", "\r\n")) { //Note the elimination of the POST var the evaluation is true. Any hints? Quote Link to comment Share on other sites More sharing options...
moselkady Posted April 28, 2008 Share Posted April 28, 2008 Try this one: if (eregi("[\r\n]", $_POST['email'])) Quote Link to comment Share on other sites More sharing options...
gtzpower Posted April 28, 2008 Author Share Posted April 28, 2008 still have the same issue even with that one. I think it has something to do with the POST var holding a literal value. For example, if I run: if($_POST['email'] == "\r\n") { echo "dub"; } if($_POST['email'] == '\r\n') { echo "sin"; } 'sin' is echoed. So, my "" around the regEx is looking for a whitespace character of carriage return\new line, while I am giving it the literal of '\r\n'. I still don't know how to get around this though Quote Link to comment Share on other sites More sharing options...
moselkady Posted April 28, 2008 Share Posted April 28, 2008 My mistake :-\ I didn't realize you have them as literal '\r\n'. This I think would work <? if (eregi("[\\r\\n]", 'aa@bb.c\r')) echo 1; ?> Quote Link to comment Share on other sites More sharing options...
gtzpower Posted April 28, 2008 Author Share Posted April 28, 2008 Thanks for the reply, however, now nothing with an 'r' or an 'n' is allowed through. e.g. "rob@web.com" is resulting in an error. Any other thoughts? Quote Link to comment Share on other sites More sharing options...
moselkady Posted April 28, 2008 Share Posted April 28, 2008 Ok. I think this will finally work <?php if (eregi("[\\][rn]", 'aa@bb.cc\r\n')) echo "1\n"; if (eregi("[\\][rn]", 'aa@nn.rr')) echo "2\n"; ?> Quote Link to comment Share on other sites More sharing options...
gtzpower Posted April 29, 2008 Author Share Posted April 29, 2008 Thanks! That works for \r or \n, but unfortunately it won't work for %0A, etc.. I guess what I am really asking is why is it that the regular expressions for testing this stuff that I can find on umpteen billion sites are not working on mine? Is there a php setting for post vars that needs changed or something? I would ideally like to search for the whitespace character rather than searching for every possible way of creating the whitespace character Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.