mfleming Posted October 24, 2010 Share Posted October 24, 2010 Hi. I'm trying to create a simple function that checks my text strings (ie. firstname & lastnames ect) for illigal characters. I'm using: trim() strip_tags() as well as preg_match I keep getting an echo of True if if I put in valid values. ie. Joe From my understanding the below statement will check for the following characters: / ^ Numbers 0 TO 9 + : Uppercase X TO Z letters $/D if(preg_match("/^[0-9]+:[X-Z]+$/D",$str)) Is my understanding correct or am I way off. Not really sure about the "+$/D" or the "+:" values?? My PHP Code: <?php $submit = $_POST['submit']; $firstname = strip_tags($_POST['firstname']); if ($_POST[submit]){ if(!checkStringText($firstname)) { echo "TRUE"; } else { echo "FALSE"; } } ?> <?php function checkStringText($str) { // checks proper syntax //if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) { //Removes white space, null, tabs, new lines from both sides trim($str); // Strips HTML Tags strip_tags($str); if(preg_match("/^[0-9]+:[X-Z]+$/D",$str)) { echo "special char found!"; } } ?> Quote Link to comment Share on other sites More sharing options...
.josh Posted October 24, 2010 Share Posted October 24, 2010 if(preg_match("/^[0-9]+:[X-Z]+$/D",$str)) that pattern will return true if it finds.. starting at the beginning of the string, there are 1 or more numbers, followed by a literal colon, followed by one or more X,Y or Z characters followed by end of string. So for instance: "323234:YXYXY" true "1:A" false "blah" false also, you make a call to your function but don't actually return true or false, so by default it will always return true, so you will always get that "TRUE" echoing. Quote Link to comment Share on other sites More sharing options...
btherl Posted October 24, 2010 Share Posted October 24, 2010 Also, when using a function like trim(), you need to assign the result into a variable. There are some exceptions to this rule, such as the sorting functions, but usually you need to assign the result. function checkStringText($str) { // checks proper syntax //if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) { //Removes white space, null, tabs, new lines from both sides $str = trim($str); // Strips HTML Tags $str = strip_tags($str); if (preg_match("/^[0-9]+:[X-Z]+$/D",$str)) { return true; } return false; } Quote Link to comment Share on other sites More sharing options...
mfleming Posted October 25, 2010 Author Share Posted October 25, 2010 I want to return TRUE if the letters a to z are entered. But it's still always returning true. What is wrong with the code? <?php $submit = $_POST['submit']; $firstname = strip_tags($_POST['firstname']); if ($_POST[submit]){ if(!checkStringText($firstname)) { echo "TRUE"; } else { echo "FALSE"; } } ?> <?php function checkStringText($str) { // checks proper syntax //if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $firstname)) { //Removes white space, null, tabs, new lines from both sides // /^[0-9]+:[X-Z]+$/D $str = trim($str); // Strips HTML Tags $str = strip_tags($str); if(preg_match("[a-z]",$str)) { return true; } else { return false; } } ?> Quote Link to comment Share on other sites More sharing options...
mfleming Posted October 25, 2010 Author Share Posted October 25, 2010 Ok, now I'm right confused. I updated my code and now if I enter "aa" it returns FALSE. According to the code shouldn't it return TRUE because the letters aa are there? New Code: <?php $submit = $_POST['submit']; $firstname = strip_tags($_POST['firstname']); if ($_POST[submit]){ if(!checkStringText($firstname)) { echo "TRUE"; } else { echo "FALSE"; } } ?> <?php function checkStringText($str) { // checks proper syntax $str = trim($str); // Strips HTML Tags $str = strip_tags($str); if(preg_match("/aa/",$str)) { return true; } else { return false; } } ?> Quote Link to comment Share on other sites More sharing options...
mfleming Posted October 25, 2010 Author Share Posted October 25, 2010 Switched the returns True false and it works fine. Is the following the proper format to remove special characters and unwanted characters by using [specialchar1] | [specialchar2]... (preg_match("/[0-9]|[#]|[@]|[$]/",$str)) Or is there an easier way to do this? Quote Link to comment Share on other sites More sharing options...
btherl Posted October 25, 2010 Share Posted October 25, 2010 From your post where it was always returning true: if(preg_match("[a-z]",$str)) { That should be if(preg_match("/[a-z]/",$str)) { I find the best way to remove unwanted characters is to list the ones you DO want, and invert that. For example: $filtered_str = preg_replace('/[^a-zA-Z]/', '', $str); That will remove anything which is NOT in the ranges a-z or A-Z. Quote Link to comment Share on other sites More sharing options...
.josh Posted October 25, 2010 Share Posted October 25, 2010 okay I think you probably need to step back a minute and figure out what exactly you want to actually do here. You've gone from checking if the string is valid to replacing invalid chars. Those are 2 different things. And you've also randomly changed what you do and do not want to allow... So you have a form field someone fills out: a) what are the accepted values - only letters? letters and numbers? letters, numbers, underscore, space? anything else? minimum and maximum amount of chars allowed? give a full list. b) do you want to kick back an error message if someone enters in invalid chars, or do you want to remove invalid chars? (advice: if you should probably kick back an error message if this is supposed to be for allowing a user to pick a user name - straight up removing invalid chars should only be done for sanitizing purposes). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.