Advice on REGEXP in PHP

[DamienRoche]

Hi guys, I was wondering if anyone knows how to use a regexp to exclude special chars like < or " .

 

Basically, I do not want to process a form if a field contains <,",! or just anything that would be considered unusual and part of a scripting languages syntax.

 

Any thoughts?

 

Thanks.

[papaface]

      <?php
      $string_to_be_stripped = "STRIP £$%^&*( ME $%^&*(";
      $new_string = ereg_replace("[^A-Za-z0-9 ]", "", $string_to_be_stripped );
      echo $new_string;// STRIP ME
      ?>

[DamienRoche]

Thank you very much. That will come in handy.

 

I have also found another, less secure, way for any one else interested.

 

$illegal = "/\.|\"|\'|\,|\?|\(|\-|\<|\>|\;|&lt|&gt|\&|\=|\+|\@|\\\|\/|\:|\#|\!/";
$illegallax ="/\(|\<|\>|&lt|&gt|\=|\+|\@|\#|\!/";

if(preg_match($illegal,$first_field) 
|| preg_match($illegal,$second_field) 
|| preg_match($illegallax,$lax_field)
){
echo '<span style="color:red;">POSSIBLE HACK ATTEMPT!</span><br>
Details have been stored and sent to [email protected] who will investigate shortly.';
  return;
}

 

I'll look at using this in conjunction with the solution provided above. That way security should be pretty much water-tight on this front.

 

Thanks again.

[Jabop]

The first method that was provided removes everything that is not A-Z, a-z, 0-9, or a space.

 

The way that you posted, removes from a list of invalid characters. Choose which works best for your implementation.