
category_page restriction


Solved by requinix

Dear members,

I'm building a get request file handler (sometimes erroneously referred to as a router) and I need to restrict the query string to a particular format using regex.

goal: restrict a GET query string format to: category_page (id est, http://localhost/file.php?category_page)
so Alphabetic letters of length 3 to 16 characters
followed by an underscore
followed by alphabetic letters of length 3 to 48 characters

my current regex is contained within a "checkGetRequest()":

if (preg_match("/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/i", $queryString) === 0) { return false; }

Is this regex correct? Or perhaps someone can stop laughing and correct me?
The regex seems to be working but I'm not a regex guru.

Happy Holidays,
John
 


  • Solution

Looks good to me.

There are a few online tools to help build and test regular expressions, like if you want to try running a few inputs through the regex to see if they match. regex101.com and regextester.com come to mind.

2 hours ago, jodunno said:

I'm building a get request file handler (sometimes erroneously referred to as a router)

A router takes a request and routes it to a different location or resource or code path. That sounds like what you're doing.


Hi requinix,

I was hoping that you would offer an opinion, since you are an actual regex specialist. I actually learned the basics of regex from your posts at this forum. I don't want to say that I credit you entirely because I am prone to erroneous regex logic at times and you are not responsible for the bad regex solutions of mine. Anyway, the links are a beautiful addition to your reply. Thank you for posting 🙂

Well, our viewpoint is obviously different. I only use index.php and accept requests for content that fits my definition of acceptable content requests. Thus, the location/resource/route is the same. Only the content changes. So I don't consider it to be routing traffic, rather fetching different content for display in the same location. Routers typically involve mvc or classes, functions and frameworks. You know, call a class, which calls a class, which loads a function, which loads another function to echo a message instead of using the built-in echo function. LOL. Please let's not start a router definition, I should be using mvc argument. I actually like and respect you, requinix. I hope that you can reciprocate that sentiment 🙂

Either way, if you must see my usage, then I don't mind posting my code but it would not be open to discussion 🙂

Happy Holidays and please stay healthy and warm,

John

There is a minor thing I can point out, if you want.

/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/i

Since /i makes it case-insensitive, there's no need to specify both A-Z and a-z. Personally I'd probably list the two and drop the flag: it keeps the expression explicit about what it matches, and while the /i lets you write less, here it's not that much of a difference.

17 minutes ago, requinix said:

There is a minor thing I can point out, if you want.

/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/i

Since /i makes it case-insensitive, there's no need to specify both A-Z and a-z. Personally I'd probably list the two and drop the flag: it keeps the expression explicit about what it matches, and while the /i lets you write less, here it's not that much of a difference.

Oh wow! I missed that entirely. I honestly did not realize that I had that flag. I copied a similar expression from my form validation and changed the core of the expression. I'm not trying to make an excuse for overlooking this stupidity but my brain is a little foggy lately. I had covid immediately followed by the flu a few weeks ago. I was not well and I am still trying to feel normal. I cannot believe how many times that I have looked at this code and did not notice the i.

Honestly, Thank You for cleaning this up for me. Meantime, I will post my experimental code so that you can see how it is used. I need to copy the code from my non-internet connected work laptop, then I will post it. I have tried the restrictions in every way that I can imagine and the regex is working as expected. So once again, Thank you, requinix. I appreciate and value your expertise.

Hi requinix and anyone else reading this post,

The code that uses this expression is as follows

working directories: C:\xampp

C:\xampp\htdocs\qs.php

<?php declare (strict_types = 1);
// Example request: http://localhost/qs.php?legal_copyright
  function checkGetRequest(string $queryString = '') {
    // Accept only category_page: 3-16 letters, an underscore, 3-48 letters.
    // preg_match() returns false on error, so anything other than 1 is rejected.
    if (preg_match("/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/", $queryString) !== 1) { return false; }
    // Split into [category, page]; the category directories live outside the web root.
    $queryString = explode('_', $queryString);
    $path = dirname(__FILE__) . '/../system/paging/';
    if (!file_exists($path) || !file_exists($path . $queryString[0] . '/definition.php')) { return false; }
    // Load the category's list of acceptable pages and check the requested page against it.
    require_once $path . $queryString[0] . '/definition.php';
    if (!function_exists('definition')) { return false; }
    unset($path);
    if (definition($queryString[1]) !== true) { return false; }
    return (array) $queryString;
  }
  // Only a non-empty query string is checked; everything else falls through to the index page.
  if (!empty($_SERVER['QUERY_STRING']) && is_string($_SERVER['QUERY_STRING']) && function_exists('checkGetRequest')) {
    $showPage = checkGetRequest(trim(htmlspecialchars($_SERVER['QUERY_STRING'])));
    if ($showPage !== false && is_array($showPage)) { print_r($showPage); exit; }
    unset($showPage);
  }
  echo 'index page'; exit;
?>

C:\xampp\system\paging\ (outside root)

C:\xampp\system\paging\legal\definition.php (array of acceptable page requests)

<?php declare (strict_types = 1);
  // Acceptable page requests for the "legal" category; the comparison is strict.
  function definition(string $validity = '') {
    $pages = ['agb','copyright','datenschutz','impressum','kontakt','uberuns'];
    if (in_array($validity, $pages, true)) { unset($pages); return true; }
    unset($pages); return false;
  }
?>

Category exists to allow hundreds of possibilities. A switch with more than 10 cases is ridiculous, so I 'switched' to a category and page system. I am aware of everyone's attitude about exit and error handling and cleanup work but I am not open to changing the code. I always clean up after myself in reality and I do the same in my code (unset). I like it that way. I also like to handle foreseen errors (a file doesn't exist or a call to an array loads a string instead). I try to handle known possible errors, which makes me happy. So besides my coding methods, if you spot anything that could be done better, then offer an opinion.

Happy Holidays everyone and please stay healthy and warm. We are living in difficult times.

John

 

And I just noticed another one, and on second (third?) look I don't see anything else, so

[A-Za-z]{3,16}+

The + makes it possessive, meaning there won't be backtracking if the rest of the pattern doesn't match. It's being used correctly here (backtracking won't ever cause the regex to match if it didn't already) but be careful about using it in general because it can easily cause a regex to fail when it could otherwise match.

You could apply it to

[A-Za-z]{3,48}

as well since it's the same situation. But having it at all is an optimization that isn't going to matter much here so it's not important.
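Added example, not part of the thread and not either poster's code: a small PHP harness that runs the thread's pattern over constructed query strings, and shows two PCRE behaviours relevant to it. Without the D modifier, `$` also matches just before a final newline (the posted qs.php applies trim() before the check), and a possessive quantifier makes a match fail once the class can also consume the character that follows it. The `STRICT`, `POSSESSIVE` and `GREEDY` patterns and all sample inputs are assumptions made for illustration.

```php
<?php declare(strict_types=1);

// Pattern from the thread (without the redundant /i flag).
const THREAD = '/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/';
// Same pattern with the D modifier (PCRE_DOLLAR_ENDONLY): "$" then matches
// only at the very end of the subject, not also before a final newline.
const STRICT = '/^[A-Za-z]{3,16}+_[A-Za-z]{3,48}$/D';
// Hypothetical variants whose first class also allows "_", to show where a
// possessive quantifier changes the result.
const POSSESSIVE = '/^[A-Za-z_]{3,16}+_[A-Za-z]{3,48}$/D';
const GREEDY     = '/^[A-Za-z_]{3,16}_[A-Za-z]{3,48}$/D';

function accepts(string $pattern, string $subject): bool
{
    // preg_match() returns 1, 0 or false (error); only 1 is an accept.
    return preg_match($pattern, $subject) === 1;
}

// Constructed sample query strings, not taken from the thread.
$samples = [
    'legal_copyright',
    'LEGAL_Copyright',
    'le_copyright',                 // category shorter than 3 letters
    str_repeat('a', 17) . '_page',  // category longer than 16 letters
    'legal_copy_right',             // second underscore
    'legal1_copyright',             // digit in the category
    'legal_../definition',          // path characters in the page part
    "legal_copyright\n",            // trailing newline
];

printf("%-24s %-8s %s\n", 'input', 'thread', 'with D');
foreach ($samples as $s) {
    printf("%-24s %-8s %s\n",
        addcslashes($s, "\n"),
        accepts(THREAD, $s) ? 'accept' : 'reject',
        accepts(STRICT, $s) ? 'accept' : 'reject');
}

// The possessive class swallows the "_" and cannot give it back; the greedy
// one backtracks until the literal "_" can match.
printf("possessive: %s\n", accepts(POSSESSIVE, 'legal_copyright') ? 'accept' : 'reject');
printf("greedy:     %s\n", accepts(GREEDY, 'legal_copyright') ? 'accept' : 'reject');
```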

That is excellent advice, requinix. Thank you for taking time to help a non-programmer. I always appreciate this forum and its members despite my aggression at times. LOL. What can I say, I'm a bit of a weight lifting pesky wasp.

I have made a text file with your advice and I will read more about this subject. I always make an effort to better myself so I promise that your advice is well taken.

I am going to shut down my xampp for the day and relax a bit. I am still trying to feel normal after covid and the flu. I started playing Grim Tales games (not spamming here but how else do I describe the games?). I can just sit back and click my way through a game.

I hope that everyone has a great day and I cannot stress enough the importance of well being. Take care of yourselves.

John
