Jump to content


Regex my form data

  • Please log in to reply
2 replies to this topic

#1 russia5

  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts

Posted 02 September 2006 - 01:48 PM

From a previous post, I understand the general Regex formula and application.
if (!preg_match("/[a-z0-9]$/i", $id))
    die ("incorrect name.");

where $id = $_Post('id');

Except, does this only limit small letters?  The post said this included cap letters too.

Also, I need to include:  . and ? and ! and ' and " and :

Another question, is that mysql_real_escape_string() puts in the escapes but they do not change the context of the output ie)  O'Rielly
will not be O/'Rielly.  either in the db or in the output.

Does preg_match do the same thing?  If we input say $DELETE will $DELETE appear on the output (given the above Regex)  If not, what will appear in place of $?

Thanks to all who contemplate my issues.

#2 wildteen88

  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 02 September 2006 - 03:27 PM

The below regex:
Is case-insensitive, it allows upper and lower case letters, as you have the i syntax mofifier at the end of the regex. It also allows numbers 0-9

If you want to allow the following characters in the expression
. ? ! ' " :
You'll need to add them to them in to the regular expression

About mysql_real_escape_string make sure you are connected to MySQL before you use mysql_real_escape_string. This function is a mysql specific function and requires a connection to mysql in order to function.

#3 russia5

  • Members
  • PipPipPip
  • Advanced Member
  • 94 posts

Posted 02 September 2006 - 11:01 PM

Thankyou very much!  I found out about the mysql_real_escape_string() after the connection already and by "the school of hard knocks!"  Does the preg_match() have to be after the database conn too.  Since it is a php function and not a MySQL, I assume not.  Also, is there a way of telling rather preg_match() works.  Can you look in the database, or pull it from the database such as displaying the data in my admin and tell.  You can't in mysql_real_escape_string()  Thanks Greg

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users