keepitcoder Posted August 20, 2010 Share Posted August 20, 2010 I'm trying to sanitize some form inputs (from xss/sql injection, etc.). I was wondering if someone can help me write 2 different preg_replace statements, as I'm really confused by it. I need one that will allow only numbers up to 5 characters, and one that will allow a-zA-Z0-9 and spaces up to 48 characters. I found this online, would something like this work? $q = preg_replace("/[^a-zA-Z0-9 ]+/", '', $q); $p = preg_replace("/[^0-9]+/", '', $p); Can you guys help me or point me to some great and easy tutorial? Thanks Quote Link to comment Share on other sites More sharing options...
Garethp Posted August 23, 2010 Share Posted August 23, 2010 $Search = array ( '~^[0-9]{5}$~', '~^[a-zA-Z0-9\s]{48}$~' ); if(preg_match($Search, $Text)) { //It's sanatized } Basically it says "If $Text is either exactly 5 numbers, or exactly 48 characters of letters, numbers or spaces, then it is sanatized" Is that what you're after? And if you still want a tutorial, I'd suggest either http://www.regular-expressions.info/ or find one here http://www.phpfreaks.com/ Quote Link to comment Share on other sites More sharing options...
ZachMEdwards Posted August 23, 2010 Share Posted August 23, 2010 Alternatively: $Search = array ( '~^\d{5}$~', '~^[a-zA-Z\d\s]{48}$~' ); or if(preg_match('/(?:\d{5}|[a-zA-Z\d\s]{48})/', $text)) { Quote Link to comment Share on other sites More sharing options...
salathe Posted August 24, 2010 Share Posted August 24, 2010 Did any of you even read the question? I need one that will allow only numbers up to 5 characters /^\d{0,5}$/D \d matches any single digit (0 through 9) and {0,5} means to match from zero up to a maximum of 5 of those digits. Alternatively, you could use [0-9] in place of \d. ^ and $ and D in combination mean that the pattern will match a string, only if the pattern matches the entire string. one that will allow a-zA-Z0-9 and spaces up to 48 characters /^[a-zA-Z0-9 ]{0,48}$/D Hopefully you can work out the above for yourself. Some good places to look for help: http://www.regular-expressions.info/quickstart.html - a basic introduction to regular expressions http://php.net/pcre - using PCRE regular expressions in PHP http://pcre.org/pcre.txt -the manual Quote Link to comment Share on other sites More sharing options...
keepitcoder Posted August 25, 2010 Author Share Posted August 25, 2010 Thank you guys! As soon as I get home, I'll test it all out. How would I utilize this with preg_replace (or another function), as I want to sanitize this input using that's collected from a form as I'll be using it with mySQL queries? Quote Link to comment Share on other sites More sharing options...
keepitcoder Posted August 26, 2010 Author Share Posted August 26, 2010 When I do $q = preg_replace("/^[a-zA-Z0-9 ]{0,48}$/D", "", $_GET["q"]); it doesn't actually work. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.