keepitcoder Posted August 20, 2010

I'm trying to sanitize some form inputs (from xss/sql injection, etc.). I was wondering if someone can help me write 2 different preg_replace statements, as I'm really confused by it.

I need one that will allow only numbers up to 5 characters, and one that will allow a-zA-Z0-9 and spaces up to 48 characters.

I found this online, would something like this work?

```php
$q = preg_replace("/[^a-zA-Z0-9 ]+/", '', $q);
$p = preg_replace("/[^0-9]+/", '', $p);
```

Can you guys help me or point me to some great and easy tutorial?

Thanks

Garethp Posted August 23, 2010

```php
$Search = array
(
    '~^[0-9]{5}$~',
    '~^[a-zA-Z0-9\s]{48}$~'
);

// preg_match() takes a single pattern string, so each pattern is tested in turn
foreach ($Search as $Pattern) {
    if (preg_match($Pattern, $Text)) {
        // It's sanitized
        break;
    }
}
```

Basically it says "If $Text is either exactly 5 numbers, or exactly 48 characters of letters, numbers or spaces, then it is sanitized"

Is that what you're after? And if you still want a tutorial, I'd suggest either http://www.regular-expressions.info/ or find one here http://www.phpfreaks.com/

ZachMEdwards Posted August 23, 2010

Alternatively:

```php
$Search = array
(
    '~^\d{5}$~',
    '~^[a-zA-Z\d\s]{48}$~'
);
```

or

```php
// Anchored with ^ and $ so the whole string has to match, as in the array above
if (preg_match('/^(?:\d{5}|[a-zA-Z\d\s]{48})$/', $text)) {
    // $text matched one of the two forms
}
```

salathe Posted August 24, 2010

Did any of you even read the question?

> I need one that will allow only numbers up to 5 characters

```
/^\d{0,5}$/D
```

\d matches any single digit (0 through 9) and {0,5} means to match from zero up to a maximum of 5 of those digits. Alternatively, you could use [0-9] in place of \d. ^ and $ and D in combination mean that the pattern will match a string, only if the pattern matches the entire string.

> one that will allow a-zA-Z0-9 and spaces up to 48 characters

```
/^[a-zA-Z0-9 ]{0,48}$/D
```

Hopefully you can work out the above for yourself.

Some good places to look for help:

http://www.regular-expressions.info/quickstart.html - a basic introduction to regular expressions
http://php.net/pcre - using PCRE regular expressions in PHP
http://pcre.org/pcre.txt - the manual

keepitcoder Posted August 25, 2010 (Author)

Thank you guys! As soon as I get home, I'll test it all out.

How would I utilize this with preg_replace (or another function), as I want to sanitize the input that's collected from a form, as I'll be using it with MySQL queries?

keepitcoder Posted August 26, 2010 (Author)

When I do

```php
$q = preg_replace("/^[a-zA-Z0-9 ]{0,48}$/D", "", $_GET["q"]);
```

it doesn't actually work.

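Added example, not part of the original thread and not any poster's code: the PHP below shows why the anchored validation pattern misbehaves inside preg_replace(), and how validating with preg_match() differs from stripping with a negated character class. The function names and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Validate: accept or reject the whole string (patterns from salathe's post).
function is_valid_number(string $s): bool {
    return preg_match('/^\d{0,5}$/D', $s) === 1;
}
function is_valid_text(string $s): bool {
    return preg_match('/^[a-zA-Z0-9 ]{0,48}$/D', $s) === 1;
}

// Sanitize: delete every character outside the allow-list (patterns from the
// first post), then cap the length, since the negated class has no length limit.
function clean_number(string $s): string {
    return substr((string) preg_replace('/[^0-9]+/', '', $s), 0, 5);
}
function clean_text(string $s): string {
    return substr((string) preg_replace('/[^a-zA-Z0-9 ]+/', '', $s), 0, 48);
}

// The call from the last post. preg_replace() replaces the text that MATCHES,
// so an anchored "whole string is valid" pattern erases valid input and
// returns invalid input untouched, the opposite of sanitizing.
function anchored_replace(string $s): string {
    return (string) preg_replace('/^[a-zA-Z0-9 ]{0,48}$/D', '', $s);
}

// Constructed sample inputs standing in for $_GET values.
$samples = array('blue widgets', "x' OR '1'='1", '<b>hi</b>', '12a34567');

foreach ($samples as $in) {
    echo 'input:            ', var_export($in, true), PHP_EOL;
    echo '  anchored replace: ', var_export(anchored_replace($in), true), PHP_EOL;
    echo '  valid as text:    ', var_export(is_valid_text($in), true), PHP_EOL;
    echo '  cleaned as text:  ', var_export(clean_text($in), true), PHP_EOL;
    echo '  valid as number:  ', var_export(is_valid_number($in), true), PHP_EOL;
    echo '  cleaned as number:', var_export(clean_number($in), true), PHP_EOL;
}

// Allow-listing narrows what reaches the query; values placed in MySQL
// queries should still be bound as parameters rather than concatenated.
```

Rejecting input that fails the preg_match() check is usually easier to reason about than silently rewriting it, because the stored value is then always exactly what the user typed.
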
Archived
This topic is now archived and is closed to further replies.