Oziam Posted October 18, 2010 Share Posted October 18, 2010 When I use the following code to check for posted characters it allows the insertion of ( ) brackets to be posted. if(!preg_match('/^([-_ a-z0-9]){2,50}$/i', $_POST['title'])) { echo "<script>alert('Please enter a Title 2-50 alphanumeric characters,\\nspaces, hyphens and underscores also accepted!)</script>"; } It should on allow 2-50 alphanumeric characters and spaces, hyphens and underscores! What am I missing? Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/ Share on other sites More sharing options...
Pikachu2000 Posted October 18, 2010 Share Posted October 18, 2010 It tests fine for me locally. You're missing a closing single quote in the alert message, however. Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/#findComment-1123196 Share on other sites More sharing options...
Oziam Posted October 18, 2010 Author Share Posted October 18, 2010 yeah thanks! just a typo for the missing quote! hmmm! it lets me insert ( or ) Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/#findComment-1123204 Share on other sites More sharing options...
Pikachu2000 Posted October 18, 2010 Share Posted October 18, 2010 When I include any character other than those specified in the pattern, including ( or ), I get the alert message, so I'm not sure what you mean when you say it lets you insert parentheses. Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/#findComment-1123208 Share on other sites More sharing options...
Oziam Posted October 18, 2010 Author Share Posted October 18, 2010 I mean if use the form field title and enter for example "Titlename (part 1)" it will skip the error, it will continue with the rest of the code and insert into database! Its got me #### ### EDIT ### Ok I found it! I was looking at the wrong script, in my other script it checks the title with !preg_match('/^([\'-_ a-z0-9]){2,50}$/i', $_POST['title']) notice the \' before the hyphen, this was to allow single quotes and this for some reason is causing the drama and allowing other characters to be included! If I remove the \' it works fine! Thanks for your help! Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/#findComment-1123218 Share on other sites More sharing options...
Pikachu2000 Posted October 18, 2010 Share Posted October 18, 2010 I just ran the following, and with one $_POST var uncommented at a time, it does exactly what it should do. <?php $_POST['title'] = "Titlename part 1"; //$_POST['title'] = "Titlename (part 1)"; if( !preg_match('/^([-_ a-z0-9]){2,50}$/i', $_POST['title']) ) { echo "<script>alert('Please enter a Title 2-50 alphanumeric characters,\\nspaces, hyphens and underscores also accepted!')</script>"; echo 'Bad characters'; } else { // DB insert here. echo 'No bad characters'; } ?> Link to comment https://forums.phpfreaks.com/topic/216127-preg_match-problem/#findComment-1123224 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.