Omzy Posted May 18, 2009

This is probably a very easy one and I have searched online but there are so many different methods that it's confusing me.

Basically I have a form with an input field, the form is submitted via POST and all I want to do is validate the input so that special characters are not allowed - for example - brackets, commas, apostrophes, and all other special characters, apart from dash and underscore.

Is there a built-in PHP function that will do this? Also are there any other techniques I can use to validate the input fields so that they are secure from SQL injection attacks and bogus content?

Dathremar Posted May 18, 2009

I would suggest for you to use javascript to check this. Here is a javascript function

    function Check_chars( data )
    {
        // Just put here what You want to be considered as invalid char
        var iChars = "!@#$%^&*()+=-[]\\\';,{}|\"<>?~_";
        for (var i = 0; i < data.length; i++) {
            if (iChars.indexOf(data.charAt(i)) != -1) {
                //alert ("Your string has special characters. \nThese are not allowed.");
                return false;
            }
        }
        return true;
    }

Omzy Posted May 18, 2009

Sorry, has to be PHP validation, as JavaScript is easily bypassed..

Adam Posted May 18, 2009

Regular expressions are very useful for filtering out a custom set of characters. I'd recommend reading the tutorials for in the future.

To filter out all characters except a-z A-Z 0-9 _ -:

    $str = "(-test'String001_),";
    $str = preg_replace('/[^\w-]/', '', $str);
    print $str;

Omzy Posted May 18, 2009

Cheers for that. How do I put that preg_replace into an IF statement? I.e.

    If(the string contains illegal characters) {
        echo "Error";
    }

Dathremar Posted May 18, 2009

Read this: preg_replace. You can count the replacements made.

You can use preg_match for searching if the string contains illegal chars.

Omzy Posted May 18, 2009

OK well I tried:

    if(preg_match('/[^w-]/', '', $str)) {
        echo "Error";
    }

But that doesn't seem to work. It also seems to be causing an "array to string conversion" error further down the script.

Omzy Posted May 18, 2009

Anyone? I'm working towards a deadline here!

KevinM1 Posted May 18, 2009

> OK well I tried:
>
>     if(preg_match('/[^w-]/', '', $str)) {
>         echo "Error";
>     }
>
> But that doesn't seem to work. It also seems to be causing an "array to string conversion" error further down the script.

Looks like you're calling preg_match wrong, as the second argument is supposed to be the string you're checking. So, try:

    // Matches when $str contains any character other than a-z A-Z 0-9 _ -
    if(preg_match('/[^\w-]/', $str)) {
        echo "Error";
    }

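An added example, not part of any post in this thread: the check the thread is working toward, written as an allow-list with `preg_match`, followed by a bound parameter for the SQL injection half of the original question. The function name `is_valid_token`, the `users` table, the sample inputs and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions made for the demonstration.

```php
<?php
// Added example: is_valid_token, the 'users' table and all sample values are hypothetical.

/**
 * Allow-list check: true only if $value is a non-empty string made up
 * solely of a-z, A-Z, 0-9, underscore and dash.
 */
function is_valid_token($value, int $maxLen = 64): bool
{
    // A field submitted as name[]=x arrives as an array; reject it up front.
    if (!is_string($value) || strlen($value) > $maxLen) {
        return false;
    }
    // \A and \z anchor the whole string; "$" would also accept a trailing "\n".
    // Explicit ranges avoid locale/Unicode surprises that \w can bring.
    return preg_match('/\A[A-Za-z0-9_-]+\z/', $value) === 1;
}

// Constructed sample inputs standing in for $_POST['username'].
$samples = ['test-String_001', "(-test'String001_),", "abc\n", '', ['x'], "x' OR '1'='1"];
foreach ($samples as $s) {
    printf("%-28s %s\n", json_encode($s), is_valid_token($s) ? 'ok' : 'rejected');
}

// Validation limits content; a bound parameter keeps input out of the SQL text.
$pdo = new PDO('sqlite::memory:');   // in-memory database for the demo
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT)');
$pdo->exec("INSERT INTO users VALUES ('test-String_001')");

$stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
foreach (['test-String_001', "x' OR '1'='1"] as $name) {
    $stmt->execute([$name]);         // value is sent as data, never spliced into the query
    printf("%-28s matches=%d\n", json_encode($name), $stmt->fetchColumn());
    $stmt->closeCursor();
}
```

The third argument of `preg_match` is filled by reference with the array of matches, so passing `$str` there, as in the attempt quoted above, replaces the string with an array; that is where an "array to string conversion" notice later in a script comes from.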