[SOLVED] ctype() validation - allowing illegal characters

[sawade]

Hello,

I use ctype() to filter and validate a user form.  However, I am trying to allow certain characters.

 

Example:

 

//Validate Copay
$allow = array('$', '.');

if (!empty($copay) && strlen($copay) < 6 || strlen($copay) >  { // IF copay is not empty and not between 6 and 8 characters
	$error .= 'COPAY has a maximum of 8 characters.  An example of a maximum $0000.00, and a minimum $00.00.<br />';
	$output_form = true;
}

    if (!empty($copay) && !ctype_digit(str_replace($allow), '', $copay)) { // IF copay is not empty and contains illegal characters (Allow $ and .)
	$error .= 'COPAY contains illegal characters.<br />';
	$output_form = true;
}

 

With this example, my test comes back containing illegal characters.  I've tried changing it here and there, but get the same results.  Thank you!

[cags]

Does the code actually run? You are only passing str_replace one argument wheras it expects 3+. Surely your code should read...

 

if (!empty($copay) && !ctype_digit(str_replace($allow, '', $copay))) {

[sawade]

That's irriating.  LOL  I tried that before and it didn't work.  But I just tried it again and now it works.  Go figure.

 

How would I allow spaces.  For instance... 12345 Address Way

 

Would it be like this...

$allow = array(' ', '.');

[Daniel0]

If you need more sophisticated matching than provided by the ctype functions, using regular expressions would probably be a better idea.

[cags]

I did think that myself, something like...

 

if(preg_match("~[0-9$.]{6,8}~", $copay))

 

... could be used. You could make a more complex pattern to match that it is always in currency form (ie the dollar is at the start etc), but thats roughly the equivalent of what you have.

[sawade]

Thanks for the help!

[cags]

Here's a pattern that I think would match everything you expect, just incase your interested.

 

if(preg_match("~^\\$?\d{2,4}(.\d{2})?$~", $copay))
   echo "whoop";

 

No doubt somebody will post a better solution, I just like to get an attempt in first

[sawade]

Thanks.  I'll copy that and test it in my code later.  I'm sure if I move pieces of my code into regular expressions, I'll be posting again.  LOL  I am SO bad at them. 

[salathe]

The OP says that a minimum value would be $00.00 so it doesn't look like the dollar symbol nor decimal values are optional. If that's the case, /^\$\d{2,4}\.\d{2}$/D will suffice. 

 

Offtopic:

 

cags, your pattern is ok but has a couple of problems in this case.  As above, it does not look like the dollar nor decimals are optional which your regex says they are.  The two main points I wanted to whisper across are that a) the dot is not escaped so will match any non-newline character (including a dot), b) you use the dollar anchor quite rightly, but it can allow a trailing newline in the subject string unless you use the D modifier: e.g. the string "$1234567\n" is allowed.

 

P.S. I feel terrible commenting on peoples' solutions (and all the time after the threads have been solved!) when all they are trying to do is be helpful.  If my two cents that I keep throwing around are starting to sting, do let me know! :-\

[Daniel0]

P.S. I feel terrible commenting on peoples' solutions (and all the time after the threads have been solved!) when all they are trying to do is be helpful.  If my two cents that I keep throwing around are starting to sting, do let me know! :-\

 

Personally, I think it's great. It's always nice getting a neater solution.

[cags]

P.S. I feel terrible commenting on peoples' solutions (and all the time after the threads have been solved!) when all they are trying to do is be helpful.  If my two cents that I keep throwing around are starting to sting, do let me know! :-\

 

Personally, I think it's great. It's always nice getting a neater solution.

 

I quite agree, might as well learn something whilst I'm here, I had never used a regex untill a few weeks ago, so I undoubtedly have alot to learn. I purposefully left the dollar and fullstop/decimal value as optional because in my experience when asked to write in a 'cost' a high percentage of people will just write 1000 completely omitting the decimal and dollar sign. I guess at the end of the day thats down to interpretation of the OP's requirements and I'm sure the OP can make a choice based on the suggestions put forward.

 

a.) Not escaping the fullstop was of course an oversight, oops.

b.) I wasn't aware the dollar anchor would allow a \n character before it. Can you suggest somewhere I can read up about that? In this case I imagine it's unlike to cause a problem as the value probably comes from a textbox. But I guess it's better to be 100% acccurate.

c.) I love hijacking peoples posts when their problem is solved for the purpose of learning something new .

[salathe]

Personally, I think it's great. It's always nice getting a neater solution.

I quite agree, might as well learn something ...

Alrighty, just so long as people aren't getting riled by the smarty-pants jumping on already solved threads. 

 

b.) I wasn't aware the dollar anchor would allow a \n character before it. Can you suggest somewhere I can read up about that? In this case I imagine it's unlike to cause a problem as the value probably comes from a textbox. But I guess it's better to be 100% acccurate.

There's a page in the PHP manual for the ^ and $ metacharacters: http://php.net/regexp.reference.circudollar (I'd also heartily recommend that entire section on "Pattern Syntax" as something to digest over some time).

[cags]

Well I tried to read that page, to start with it made me feel like an idiot. Alot of it might as well have been written in latin for all the sense it made to me at first glance. After re-reading it about a dozen times I think I got it though  :-\. It's easy to understand why regex is considered a 'dark art'.

[salathe]

If you have any suggestions with regards to making that page more readable then please PM me and I'll be happy to have a chat about it with you (and suggestions might very well make it into the manual). I'm aware that the manual can be a little too technically written with lots of jargon, so any changes to make it more understandable are welcome.