jason360 Posted December 13, 2014 Share Posted December 13, 2014 Hey guys, I am stuck on this preg_match if statement. I want to allow ' and " in the variable string but for some reason it keeps reporting invalid characters when I add ' or " to the string. Any help would be appreciated as I have tried tons of combinations after searching google. Thanks! if(preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$_POST['article_title'])) { $err[]='<p class="error" style="color: #ed1c24;">Your Title contains invalid characters!</p>'; } Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/ Share on other sites More sharing options...
php_bad_boy Posted December 13, 2014 Share Posted December 13, 2014 Hi Jason, Try running this code snippet, as you can see the preg_match returns 0 for a string containing both the single and double quotes. <?php $my_string = "some ''''' \"\"\" string"; echo ( preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$my_string) ) ?> Can you have a look at the values of the $_POST['article_title'] variables that are getting passed to the preg_match function? Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499522 Share on other sites More sharing options...
jason360 Posted December 13, 2014 Author Share Posted December 13, 2014 Hi PHP Bad Boy, I tried the snippet and it echoed 0. Do you think that maybe remove slashes should be used on the $_POST['article_title']? Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499523 Share on other sites More sharing options...
php_bad_boy Posted December 13, 2014 Share Posted December 13, 2014 Hi Jason, I think you might be right. I'd be tempted to print all the $_POST['article_title'] variables where preg_match is returning true and hopefully you'll spot the problem. if(preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",$_POST['article_title'])) { $err[]='<p class="error" style="color: #ed1c24;">Your Title contains invalid characters! </p>'; echo $_POST['article_title']; } Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499526 Share on other sites More sharing options...
hansford Posted December 13, 2014 Share Posted December 13, 2014 I am unable to reproduce your error on strings containing " or '. Let us look at the form code and see if there is something there. You wouldn't happen to have magic_quotes on would you? Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1499532 Share on other sites More sharing options...
jason360 Posted December 18, 2014 Author Share Posted December 18, 2014 Hey Guys, Just an update. I was able to figure the problem out by adding stripslashes() to the POST. if(preg_match("/[^a-zA-Z0-9\-\_\,\!\?\.\'\"\ \/]+/i",stripslashes($_POST['article_title']))) Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1500032 Share on other sites More sharing options...
Jacques1 Posted December 18, 2014 Share Posted December 18, 2014 No, no, no. Have you never wondered why there are strange backslashes in the user input? Wouldn't it make sense to actually fix the problem rather than work around it with nonsense functions like stripslashes()? Random backslashes are not normal. It means there's a fundamental problem with your PHP setup (like Magic Quotes) or your application (like some auto-escaper going berzerk). I strongly recommend that you take care of this. Otherwise you'll run into the same problem over and over again. You may also get into serious trouble: The backslashes are supposed to be a security feature. If you remove them at will, then you might end up with no security at all. Quote Link to comment https://forums.phpfreaks.com/topic/293083-preg_match-problem/#findComment-1500034 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.