preg_match problem

[Oziam]

When I use the following code to check for posted characters it allows the insertion of ( ) brackets to be posted.

 

if(!preg_match('/^([-_ a-z0-9]){2,50}$/i', $_POST['title']))

{

echo "<script>alert('Please enter a Title 2-50 alphanumeric characters,\\nspaces, hyphens and underscores also accepted!)</script>";

}

 

It should on allow 2-50 alphanumeric characters and spaces, hyphens and underscores!

 

What am I missing?

[Pikachu2000]

It tests fine for me locally. You're missing a closing single quote in the alert message, however.

[Oziam]

yeah thanks! just a typo for the missing quote!

 

hmmm! it lets me insert ( or )

[Pikachu2000]

When I include any character other than those specified in the pattern, including ( or ), I get the alert message, so I'm not sure what you mean when you say it lets you insert parentheses.

[Oziam]

I mean if use the form field title and enter for example "Titlename (part 1)"

it will skip the error, it will continue with the rest of the code and insert into database!

 

Its got me #### 

 

### EDIT ###

Ok I found it! I was looking at the wrong script, in my other script it checks the title with

 

!preg_match('/^([\'-_ a-z0-9]){2,50}$/i', $_POST['title'])

 

notice the \' before the hyphen, this was to allow single quotes and this for some reason is causing the drama and allowing other characters to be included!

If I remove the \' it works fine!

 

Thanks for your help!

[Pikachu2000]

I just ran the following, and with one $_POST var uncommented at a time, it does exactly what it should do.

 

<?php
$_POST['title'] = "Titlename part 1";
//$_POST['title'] = "Titlename (part 1)";
if( !preg_match('/^([-_ a-z0-9]){2,50}$/i', $_POST['title']) ) {
    echo "<script>alert('Please enter a Title 2-50 alphanumeric characters,\\nspaces, hyphens and underscores also accepted!')</script>";
    echo 'Bad characters';
} else {
    // DB insert here.
    echo 'No bad characters';
}
?>