john2020 Posted January 21, 2011 Share Posted January 21, 2011 Folks, I am just trying to learn PHP. For form input validation which is better - Regexp or PHP Filters? Or do they have completely different uses? Where does preg fit in? Thank you! J.S. Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/ Share on other sites More sharing options...
JakeTheSnake3.0 Posted January 21, 2011 Share Posted January 21, 2011 For ease of use, filters are a no-brainer! Regex would be used for complex verification. Filters are just a way of saying "I only want numbers...or I want to verify that the email address is properly formed". Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/#findComment-1163181 Share on other sites More sharing options...
PHPFAN10 Posted January 21, 2011 Share Posted January 21, 2011 Hi, I use a mixture of both. For usernames/passwords i use regex and for email i use php filters basic but does it's job. Example: For usernames i use the following regex: // username regular expression define('USERNAME_REGEX', '/^[a-z][\w\.\*\-\_]{2,14}$/i'); For emails i use PHP filter: filter_var( $email , FILTER_VALIDATE_EMAIL) I use preg_match() and do error checking like this, depending on what i am wanting to do/acheive. if ( !preg_match(constant("USERNAME_REGEX"), $username)) { $error .= "Please enter a username. Use 3 to 15 characters and start with a letter. You may use letters, numbers, hyphen, asterisk, underscores and dot (.) <br />"; } if (!empty( $email) && !filter_var( $email , FILTER_VALIDATE_EMAIL)) { $error .= "Your email address is not valid <br />"; } Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/#findComment-1163182 Share on other sites More sharing options...
john2020 Posted January 21, 2011 Author Share Posted January 21, 2011 Thank you, guys! It's good to know that they complement each other. Two things. First, the email filter considers even [email protected] to be a valid email address. Second, there must be some newbie error but I can't get this to work: if ($_POST["Submit"]) { define('USERNAME_REGEX', '/^[a-z][\w\.\*\-\_]{2,14}$/i'); $username = $_POST["username"]; if ( !preg_match(constant("USERNAME_REGEX"), $username)) { $error .= "Please enter a username. Use 3 to 15 characters and start with a letter. You may use letters, numbers, hyphen, asterisk, underscores and dot (.) <br />"; } } Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/#findComment-1163212 Share on other sites More sharing options...
john2020 Posted January 21, 2011 Author Share Posted January 21, 2011 I did manage to get the whitelist working to prevent SQL Injection attacks: if ($_POST["Submit"]) { $stringToFilter = $_POST["email"]; echo preg_replace( "/[^a-zA-Z0-9\.\-\_\@]/", "", $stringToFilter ); } Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/#findComment-1163243 Share on other sites More sharing options...
Pikachu2000 Posted January 21, 2011 Share Posted January 21, 2011 To prevent SQL injection, you'd simply need to validate and escape string type data, and validate and cast numeric data as the correct type. Link to comment https://forums.phpfreaks.com/topic/225228-regexp-or-filters-for-php-form-validation/#findComment-1163277 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.