phpnoobie9 Posted March 27, 2008
If a user enters in certain characters like: *$% I want to do an if with an error statement. IE:
    if (user enters these characters *$%){
        don't insert data into database and give error message
    } else {
        if none of the above characters are in the form. insert data.
    }

cooldude832 Posted March 27, 2008
where is the end string going after the user inputs? mysql, flat file, odbc???

phpnoobie9 Posted March 27, 2008
the data is going to mysql

cooldude832 Posted March 27, 2008
look into the mysql_real_escape string on php.net

phpnoobie9 Posted March 27, 2008
> look into the mysql_real_escape string on php.net
I'm not trying to escape it. I want the form to not submit if those characters are detected.

cooldude832 Posted March 27, 2008
well then use regex

phpnoobie9 Posted March 27, 2008
Thanks. I thought I had to use that.

roopurt18 Posted March 27, 2008
Rather than trying to think of all the characters that are invalid (i.e. a blacklist), it is usually easier to check for only the characters that are valid (i.e. a whitelist).

phpnoobie9 Posted March 27, 2008
Allowed: A-Za-z0-9.!?,"
For some reason when I do this: <javascript> It allows the < and >... but if I just enter one < or > it doesn't allow it.
    if (!empty($title) && !empty($description)) {
        if (ereg('[A-Za-z0-9.!?,"]', $description)) {
            if (@mysql_query(htmlspecialchars($query))) {
                echo 'Yayayaya';
            } else {
                echo 'An error has occurred please try again.';
            }
        } else {
            echo 'Some of the characters are not allowed.';
        }
    } else {
        echo 'You have empty fields.';
    }

phpnoobie9 Posted March 27, 2008
My fault, accidentally pressed quote instead of modify.

roopurt18 Posted March 27, 2008
    [A-Za-z0-9.!?,"]
^ That only matches a single character. Append a + to match one or more characters.
    [A-Za-z0-9.!?,"]+
^ Matches one or more. Prefix a caret and append a dollar sign to specify the beginning and end of the string.
    ^[A-Za-z0-9.!?,"]+$
^ Should be closer to what you want. I normally use preg_match() and I'm not sure if it behaves any differently than ereg. With preg_match() it'd be closer to:
    $regexp = '/^[A-Za-z0-9.!?,"]+$/';
    if (!preg_match($regexp, $stringToTest)) {
        echo 'error';
    }

phpnoobie9 Posted March 27, 2008
Thanks a lot for the help. Just curious.. why do you have a / after '?
    $regexp = '/^[A-Za-z0-9.!?,"]+$/';

roopurt18 Posted March 27, 2008
AFAIK you have to begin and end the regexp with matching chars, in this case I use forward slashes. I believe the characters you use are arbitrary, for example I think this is just as valid (though I've never tried it):
    $regexp = '@^[A-Za-z0-9.!?,"]+$@';
I believe whichever char you use needs to be escaped within the regexp though. For example, if I want to match two forward slashes, I can do this:
    /\/\//
or I can do this:
    @//@
Notice how in the second example I didn't have to escape the forward slashes with a backslash. I'm going from memory here so I could be mistaken. Someone else might be able to give a better or more concrete answer.

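The three whitelist patterns that come up in this thread, compared side by side over the same inputs. This is an added example, not code from any poster; the constant and function names and the sample inputs are constructed for illustration. The strict pattern uses \A and \z because in PCRE a plain $ also matches just before a trailing newline.

```php
<?php
// Added example: names and sample inputs are constructed, not from the thread.

// Unanchored class, as in the original ereg() call:
// a single allowed character anywhere in the input is enough to match.
const ALLOWED_UNANCHORED = '/[A-Za-z0-9.!?,"]/';

// Anchored pattern from the preg_match() answer:
// $ also matches immediately before a final "\n".
const ALLOWED_DOLLAR = '/^[A-Za-z0-9.!?,"]+$/';

// \A and \z anchor to the absolute start and end of the subject,
// so every byte of the input must belong to the allowed set.
const ALLOWED_STRICT = '/\A[A-Za-z0-9.!?,"]+\z/';

function matches(string $pattern, string $input): bool
{
    // preg_match() returns 1 (match), 0 (no match) or false (error).
    // Only 1 counts as valid, so an engine error fails closed.
    return preg_match($pattern, $input) === 1;
}

function isValidDescription(string $input): bool
{
    return matches(ALLOWED_STRICT, $input);
}

// Constructed sample inputs.
$samples = [
    'Hello,world!',   // only allowed characters
    '<javascript>',   // disallowed < and > around allowed letters
    '<',              // a single disallowed character
    "Hello\n",        // allowed characters plus a trailing newline
    '',               // empty input
    'Hello world',    // the space is not in the allowed set
];

foreach ($samples as $s) {
    printf(
        "%-16s unanchored=%-5s dollar=%-5s strict=%-5s\n",
        json_encode($s),
        var_export(matches(ALLOWED_UNANCHORED, $s), true),
        var_export(matches(ALLOWED_DOLLAR, $s), true),
        var_export(isValidDescription($s), true)
    );
}
```

The allowed set includes the double quote, so a value that passes this check still has to reach MySQL through a parameterized query or mysql_real_escape_string(); htmlspecialchars() is HTML output encoding and does not make a query safe.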