Jump to content

Recommended Posts

Hi.

 

I'm trying to create a simple function that checks my text strings (ie. firstname & lastnames ect) for illigal characters.

 

I'm using:

 

trim()

strip_tags()

as well as preg_match

 

I keep getting an echo of True if if I put in valid values.  ie.  Joe

 

From my understanding the below statement will check for the following characters:

/

^

Numbers 0 TO 9

+

:

Uppercase X TO Z letters

$/D

if(preg_match("/^[0-9]+:[X-Z]+$/D",$str))

 

Is my understanding correct or am I way off.  Not really sure about the "+$/D" or the "+:" values??

 

 

My PHP Code:

<?php
$submit = $_POST['submit'];
$firstname = strip_tags($_POST['firstname']);
if ($_POST[submit]){
	if(!checkStringText($firstname)) {
		echo "TRUE";
	} else {
		echo "FALSE";
	}
}
?>
<?php

function checkStringText($str) {
// checks proper syntax
//if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) {
//Removes white space, null, tabs, new lines from both sides
trim($str);
// Strips HTML Tags
strip_tags($str);
if(preg_match("/^[0-9]+:[X-Z]+$/D",$str)) {
	echo "special char found!";
}
}
?>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/216680-preg_match-check-for-special-characters/
Share on other sites

if(preg_match("/^[0-9]+:[X-Z]+$/D",$str))

 

that pattern will return true if it finds..

 

starting at the beginning of the string, there are 1 or more numbers, followed by a literal colon, followed by one or more X,Y or Z characters followed by end of string. So for instance:

 

"323234:YXYXY" true

"1:A" false

"blah" false

 

also, you make a call to your function but don't actually return true or false, so by default it will always return true, so you will always get that "TRUE" echoing.

Also, when using a function like trim(), you need to assign the result into a variable.  There are some exceptions to this rule, such as the sorting functions, but usually you need to assign the result.

 

function checkStringText($str) {
// checks proper syntax
//if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) {
//Removes white space, null, tabs, new lines from both sides
$str = trim($str);
// Strips HTML Tags
$str = strip_tags($str);
if (preg_match("/^[0-9]+:[X-Z]+$/D",$str)) {
	return true;
}
        return false;
}

I want to return TRUE if the letters a to z are entered.  But it's still always returning true.  What is wrong with the code?

 

<?php
$submit = $_POST['submit'];
$firstname = strip_tags($_POST['firstname']);

if ($_POST[submit]){
	if(!checkStringText($firstname)) {
		echo "TRUE";
	} else {
		echo "FALSE";
	}
}
?>
<?php

function checkStringText($str) {
// checks proper syntax
//if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) {
//Removes white space, null, tabs, new lines from both sides
// /^[0-9]+:[X-Z]+$/D
$str = trim($str);
// Strips HTML Tags
$str = strip_tags($str);
if(preg_match("[a-z]",$str)) {
	return true;
} else {
	return false;
}
}
?>

Ok, now I'm right confused. 

I updated my code and now if I enter "aa" it returns FALSE.

According to the code shouldn't it return TRUE because the letters aa are there?

 

New Code:

<?php
$submit = $_POST['submit'];
$firstname = strip_tags($_POST['firstname']);
if ($_POST[submit]){
	if(!checkStringText($firstname)) {
		echo "TRUE";
	} else {
		echo "FALSE";
	}
}
?>
<?php
function checkStringText($str) {
// checks proper syntax
$str = trim($str);
// Strips HTML Tags
$str = strip_tags($str);
if(preg_match("/aa/",$str)) {
	return true;
} else {
	return false;
}
}
?>

Switched the returns True false and it works fine.

 

Is the following the proper format to remove special characters and unwanted characters by using  [specialchar1] | [specialchar2]...

 

(preg_match("/[0-9]|[#]|[@]|[$]/",$str))

Or is there an easier way to do this?

From your post where it was always returning true:

 

if(preg_match("[a-z]",$str)) {

 

That should be

 

if(preg_match("/[a-z]/",$str)) {

 

I find the best way to remove unwanted characters is to list the ones you DO want, and invert that.  For example:

 

$filtered_str = preg_replace('/[^a-zA-Z]/', '', $str);

 

That will remove anything which is NOT in the ranges a-z or A-Z.

okay I think you probably need to step back a minute and figure out what exactly you want to actually do here.  You've gone from checking if the string is valid to replacing invalid chars. Those are 2 different things.  And you've also randomly changed what you do and do not want to allow...

 

So you have a form field someone fills out:

 

a) what are the accepted values - only letters? letters and numbers? letters, numbers, underscore, space? anything else? minimum and maximum amount of chars allowed? give a full list.

 

b) do you want to kick back an error message if someone enters in invalid chars, or do you want to remove invalid chars? (advice: if you should probably kick back an error message if this is supposed to be for allowing a user to pick a user name - straight up removing invalid chars should only be done for sanitizing purposes).

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.