Jump to content

Recommended Posts

Hey guys,

 

I am stuck on this preg_match if statement.   I want to allow ' and " in the variable string but for some reason it keeps reporting invalid characters when I add '  or " to the string.

 

Any help would be appreciated as I have tried tons of combinations after searching google.

 

Thanks!

if(preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$_POST['article_title']))
			{
			$err[]='<p class="error" style="color: #ed1c24;">Your Title contains invalid characters!</p>';
			}
Link to comment
https://forums.phpfreaks.com/topic/293083-preg_match-problem/
Share on other sites

Hi Jason,

 

Try running this code snippet, as you can see the preg_match returns 0 for a string containing both the single and double quotes.

<?php

$my_string = "some ''''' \"\"\" string";

echo ( preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$my_string) )
			
?>

Can you have a look at the values of the $_POST['article_title'] variables that are getting passed to the preg_match function?

 

 

 
Link to comment
https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499522
Share on other sites

Hi Jason,

 

I think you might be right. I'd be tempted to print all the $_POST['article_title'] variables where preg_match is returning true and hopefully you'll spot the problem.

if(preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$_POST['article_title']))
{
  $err[]='<p class="error" style="color: #ed1c24;">Your Title contains invalid characters! </p>';
  echo $_POST['article_title'];
}
Link to comment
https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499526
Share on other sites

No, no, no. :(

 

Have you never wondered why there are strange backslashes in the user input? Wouldn't it make sense to actually fix the problem rather than work around it with nonsense functions like stripslashes()?

 

Random backslashes are not normal. It means there's a fundamental problem with your PHP setup (like Magic Quotes) or your application (like some auto-escaper going berzerk). I strongly recommend that you take care of this. Otherwise you'll run into the same problem over and over again. You may also get into serious trouble: The backslashes are supposed to be a security feature. If you remove them at will, then you might end up with no security at all.

Link to comment
https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1500034
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.