preg_match that checks for lower/upper case letters, numbers, spaces, etc.

Shockdot · June 14, 2012

Can anyone tell me the preg_match argument that will check to make sure a string contains only the following things...

[*]Lower/Upper Case Letters

[*]Numbers

[*]Hyphens

[*]Underscores

[*]Colons

[*]% Signs

[*]$ Signs

[*]Periods

[*]Comas

[*]! Marks

.josh · June 14, 2012

if ( preg_match('~^[-a-z0-9_:%$.,!]+$~i',$string) ) {
  // valid
} else {
  // invalid
}

Shockdot · June 14, 2012

Thanks! Is there anyway to add an ' to that list? When I add it, it doesn't verify properly...

"~^[-a-z0-9_:%$'.,!]+$~i"

xyph · June 15, 2012

Elaborate on 'verify properly'

The code seems to be working on this end.

"~^[-a-z0-9_:%$'.,!]+$~i"

.josh · June 15, 2012

random shot in the dark: perhaps you are testing with ' and I wonder if your server automatically escapes those to make the value \' and since \ doesn't match, the regex is failing...

xyph · June 15, 2012

random shot in the dark: perhaps you are testing with ' and I wonder if your server automatically escapes those to make the value \' and since \ doesn't match, the regex is failing...

This would be odd. Doesn't magic_quotes only affect userland data? In which cases would this happen? Curious for my own debugging

.josh · June 15, 2012

random shot in the dark: perhaps you are testing with ' and I wonder if your server automatically escapes those to make the value \' and since \ doesn't match, the regex is failing...

This would be odd. Doesn't magic_quotes only affect userland data? In which cases would this happen? Curious for my own debugging

Well, yes. But the OP did not specify where the data is coming from. It could be for matching against posted data. Like I said, random shot in the dark.

Shockdot · June 15, 2012

Elaborate on 'verify properly'

The code seems to be working on this end.

"~^[-a-z0-9_:%$'.,!]+$~i"

When I enter into the field something like, Jesus', or anything containing an apostrophe it returns as if it would return something that is not allowed to be used...

Also when I type something like, The price is $10, it will return as it would return something that is not allowed to be used... But only if I put the $ before other characters.

xyph · June 15, 2012

Summarize the code you're using.

.josh · June 15, 2012

yes, show the code where you receive the posted info, and where you are matching it.

Also, put this somewhere:

echo "<pre>"; print_r($_POST); echo "</pre>";

and post what is echoed out.

Shockdot · June 15, 2012

yes, show the code where you receive the posted info, and where you are matching it.

Also, put this somewhere:

echo "<pre>"; print_r($_POST); echo "</pre>";

and post what is echoed out.

<?php
session_start();
require_once("Config.php");

mysql_connect($DBHost, $DBUsername, $DBPassword) or die("Can't connect to MySQL Server...");
mysql_select_db($DBName) or die ("Can't connect to database...");

$BUsername			=	$_SESSION['ID'];
$NewBDescription	=	$_POST['BDesc'];
$NewBDescription	=	stripslashes($NewBDescription);
$NewBDescription	=	mysql_real_escape_string($NewBDescription);

if(characterCheck($NewBDescription) == false)
{
	$_SESSION['DescError']	=	"The description you enter contained some invalid characters. You may only use letters, numbers, spaces, %, :, $, !, ., -, _, and ,.";
	header("location: profile.php?id=$BUsername");
}
else
{
	mysql_query("UPDATE $DBAccountsTbl SET description='$NewBDescription' WHERE username='$BUsername'") or die(mysql_error());
	header("location: profile.php?id=$BUsername");		
}
?>

<?php
function characterCheck($string)
{
	$result = true;	
	if(!preg_match("~^[-a-z0-9_:%$'.,!]+$~i", $string))
	{
		$result = false;
	}
	return $result;
}
?>

And the output for what you gave me is <pre>Array

(

)

</pre>.

xyph · June 15, 2012

You're escaping the string before validating it, that changes the contents of the string. Your RegEx must be able to handle these changes, or you need to change the order in which you perform these operations.

Shockdot · June 15, 2012

You're escaping the string before validating it, that changes the contents of the string. Your RegEx must be able to handle these changes, or you need to change the order in which you perform these operations.

I thought it had something to do with that, but I removed

$NewBDescription	=	stripslashes($NewBDescription);
$NewBDescription	=	mysql_real_escape_string($NewBDescription);

and the same thing still happens.

smoseley · June 15, 2012

Escape the ".":

preg_match("~^[-a-z0-9_:%$'\\.,!]+$~i", $string)

Shockdot · June 15, 2012

Still same problem -.-.

xyph · June 16, 2012

You're escaping the string before validating it, that changes the contents of the string. Your RegEx must be able to handle these changes, or you need to change the order in which you perform these operations.

I thought it had something to do with that, but I removed
$NewBDescription	=	stripslashes($NewBDescription);
$NewBDescription	=	mysql_real_escape_string($NewBDescription);
and the same thing still happens.

You should check what $string ACTUALLY contains, not what you assume it contains.

smoseley · June 16, 2012

Ol, let's lose the apostrophe. escape some characters, and simplify it a bit:

preg_match("/^[\\w\\d\\-\\.\\\$:%,!]+\$/", $string)

xyph · June 16, 2012

Ol, let's lose the apostrophe. escape some characters, and simplify it a bit:
preg_match("/^[\\w\\d\\-\\.\\\$:%,!]+\$/", $string)

Not necessary.

<?php

$input = 'this-0_is$%a.test!!,foobar';
$expr = "~^[-a-z0-9_:%$'.,!]+$~i";

var_dump( preg_match($expr, $input) );

?>

outputs

int 1

The issue is his test string isn't what he expects it to be. Garbage in = garbage out.

Shockdot · June 16, 2012

Ol, let's lose the apostrophe. escape some characters, and simplify it a bit:
preg_match("/^[\\w\\d\\-\\.\\\$:%,!]+\$/", $string)
Not necessary.
<?php

$input = 'this-0_is$%a.test!!,foobar';
$expr = "~^[-a-z0-9_:%$'.,!]+$~i";

var_dump( preg_match($expr, $input) );

?>
outputs

int 1

The issue is his test string isn't what he expects it to be. Garbage in = garbage out.

Alright so I did a test and this is what happens.

Input String: This is a test string $bla bla ! : , ' ? . - _

What $strin makes that into: This is a test string $bla bla ! : , \' ? . - _

But on a site note.... If i were to do

Input String: This is $10

What $string makes that into: $This is $10

it doesn't change.... So something is still wrong because it doesn't change the string...

xyph · June 16, 2012

The RegEx won't match spaces. Please be accurate. Without it, there's no sense trying to code.

We've explained why the ' is turning in to \'.

It should be easy to solve this puzzle, or at least get to the next step. You have all the pieces.

Sign In

preg_match that checks for lower/upper case letters, numbers, spaces, etc.

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information