[SOLVED] ereg_replace vs preg_replace?

[notepad]

Hi,

 

I am new to Regex, but am finding it very interesting so far. I used a little bit on my login script for my website, I set it up to strip out any non-alphanumeric characters (including spaces) using ereg_replace. But I have been told by a couple of people that ereg_replace is out of date and and I should be using preg_replace. Is this true? Here is my current code:

 

$user_check = $_POST['name'];
$strip_username = ereg_replace("[^A-Za-z0-9]", "", $user_check );

$pass_check = $_POST['pass'];
$strip_password = ereg_replace("[^A-Za-z0-9]", "", $pass_check );

 

I am not sure what the proper syntax would be to convert this to preg_replace, so I was hoping I could have a little assistance?

 

Thanks,

 

Brandon

[wildteen88]

I dont think ereg is outdated. Its just ereg and preg use two different regular expressions. ereg uses POSIX-extended and preg uses PCRE (Perl-compatible regular expressions).

 

PCRE has much more power behind it than POSIX. PCRE allows for non-greedy matching, assertions, conditional subpatterns, and a number of other features not supported by the POSIX-extended regular expression syntax.

 

if you want your code to work with PCRE then do this:

$user_check = $_POST['name'];
$strip_username = preg_replace("/[^A-Za-z0-9]/", "", $user_check );

 

The only changes needed was to change ereg_replace to preg_replace and added in delimiters at the start and end of the regex pattern. A delimiter can be a non-alphanumeric character to mark the start and end of the pattern, I normally use slashes - /. Note if you use the same character in your pattern as your delimiter you must escape them by placing a backslash in front of it, example: \/

[notepad]

Hey Wildteen,

 

Thanks for your reply. I have a much better understanding of the difference now. There is only one thing I am still confused about...

 

The only changes needed was to change ereg_replace to preg_replace and added in delimiters at the start and end of the regex pattern. A delimiter can be a non-alphanumeric character to mark the start and end of the pattern, I normally use slashes - /. Note if you use the same character in your pattern as your delimiter you must escape them by placing a backslash in front of it, example: \/

 

Could you explain that a bit more? Because I didn't see in your code where you used a / and \. I did notice that you used 2 / though.

[effigy]

Also see the discussion of delimiters here. You have to escape characters when they are the same as your delimiter, or when you want to remove their metacharacterness. You don't see \/ because you're not trying to match a forward slash.

[notepad]

Hey Effigy,

 

Thank you for clearing that up, I got it now. But could I bug you for one more thing? I am thinking of making the login use emails instead of usernames. If I were to do that, I would have to allow '@' and '.' in the login script. To add individual characters, do I just add them like this?:

 

$user_check = $_POST['name'];
$strip_username = preg_replace("/[^A-Za-z0-9-@-.]/", "", $user_check );

 

Thanks,

 

Brandon

[effigy]

Yes, but I would move the hyphen--see this for more information. Also, you may want to change your pattern because you're not specifying the order of the characters, or even requiring an "@".

[notepad]

Great link, thanks effigy.    Just to see if I understood the link here is the new code I came up with for allowing '_', '-', '.' and '@':

 

$user_check = $_POST['name'];
$strip_username = preg_replace("/[^_-A-Za-z0-9@.]/", "", $user_check );

 

As for 'requiring' it... I don't know how to do that, this is the first regex code I have done...

[effigy]

The hyphen should be at the front, which technically follows the ^ since it is modifying the entire character class.

 

You're removing invalid e-mail characters, but you're not checking the format of the e-mail. For example, your pattern will allow "me@", "abc", or ".x." as a valid e-mails.

 

See the e-mail examples here.

[notepad]

Hey effigy,

 

Nice link, I will be using the email validation that SemiApocalyptic posted.

 

Thanks again!