rockinaway Posted April 3, 2008

I want to check a form field for invalid characters that would affect MySQL queries... Can someone show me the preg_match(_all) for that? I am not very good with that part.

craygo Posted April 3, 2008

Do you not want to put in the characters at all? Or do you just want to make sure the queries work? I am not that good with preg_match or regex, so maybe someone will help with that. But if you just want to make sure the query will run if someone has special characters, you can just use mysql_real_escape_string() to prepare the data for insert.

Ray

rhodesa Posted April 3, 2008

Yeah, the normal usage is:

<?php
// Escape each submitted value before placing it inside the quoted SQL literal.
$field1 = mysql_real_escape_string($_POST['field1']);
$field2 = mysql_real_escape_string($_POST['field2']);
// etc.
mysql_query("INSERT INTO tablename (field1,field2) VALUES ('{$field1}','{$field2}')");
?>

Caesar Posted April 3, 2008

If you want to remove the invalid characters, then you would do something like...

<?php
function clean_it($input)
{
    // Remove everything except ASCII letters and digits.
    return trim(preg_replace('/[^a-zA-Z0-9]/', '', $input));
}
?>

But I guess I'm wondering if you want to strip out certain characters... or just escape the string/input.

discomatt Posted April 3, 2008

Did you want to create a whitelist or a blacklist? Usually the most effective method is to have a whitelist, and use regex to find anything that isn't in it. The nice part about regex is you can use character ranges... i.e. if you want to allow letters, numbers, hyphens and underscores, you would do this:

<?php
$subject = $_POST['field1']; // the value to check (field name is an example)
$whitelist = 'a-z0-9\-_';
$regex = '/[^'.$whitelist.']/i';
if (preg_match($regex, $subject)) {
    echo 'Bad character detected!';
}
?>
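
The whitelist approach discussed in this thread, as an added example that is not part of any poster's reply: it validates the whole string with a positive match instead of searching for a bad character, which also covers empty, over-long and non-string input. The function name `is_valid_field`, the 32-character limit and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: whitelist validation of one form field.
// Assumed rule (not from the thread): 1-32 letters, digits, hyphens, underscores.

/**
 * Returns true only when $value is a string made up entirely of
 * whitelisted characters and within the length limit.
 */
function is_valid_field($value, $maxLen = 32)
{
    // A request parameter named field[] arrives as an array, not a string.
    if (!is_string($value)) {
        return false;
    }
    // \A and \z anchor to the real start and end of the string ($ would
    // also accept a trailing newline), and {1,N} rejects the empty string,
    // which a "find one bad character" test lets through.
    $pattern = '/\A[a-z0-9_-]{1,' . (int) $maxLen . '}\z/i';
    return preg_match($pattern, $value) === 1;
}

// Constructed sample inputs, each paired with the result the rule should give.
// '[' and ']' sit between 'Z' and 'a' in ASCII, so a range written A-z
// would let the bracket sample through.
$samples = array(
    'plain name'        => array('user_name-01', true),
    'empty string'      => array('', false),
    'contains quote'    => array("o'brien", false),
    'trailing newline'  => array("user\n", false),
    'bracket character' => array('user[1]', false),
    'too long'          => array(str_repeat('a', 33), false),
    'array input'       => array(array('x'), false),
);

foreach ($samples as $label => $case) {
    list($input, $expected) = $case;
    $actual = is_valid_field($input);
    printf("%-18s %-8s %s\n", $label, $actual ? 'accept' : 'reject',
        $actual === $expected ? 'ok' : 'MISMATCH');
}
?>
```

A value that passes this check still goes through mysql_real_escape_string() before it is placed in the query, as in the replies above.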

rockinaway Posted April 4, 2008

Thanks for the input, I will use mysql_real_escape_string(). Thanks a lot!

Archived
This topic is now archived and is closed to further replies.