Page 1 of 2

PHP Regex on Query Strings

Posted: Thu Sep 10, 2009 6:52 pm
by KyleReed
I'm having trouble understanding my own code. I understand what I wrote, of course. But, the output is frustrating me.

I'd figured that, from my understanding on the the regular-expressions.info website, conditionals is not included in the php version of regex. So, with that, I figured I would have to write some conditions to match the query string variable to it's corresponding value through using the array parameter in preg_match.

But, it turns out that that's not even necessary in the way I wrote my regex string. It seems php formulates the conditions in the regex already! I mean, the entry qstring var must only contain digit(s), filename must be a valid text file name, and page can only have the values add, edit or main.

Why is the regex doing this?

I'm using PHP Windows 5.2.8 in IIS 5

Here's an example code:

Code: Select all

// qstring( $_SERVER['QUERY_STRING'] );
 
function qstring_db( $qstring )
{
    foreach( split('&', $qstring) as $qentry )
    {
        // matches[1] = qentry var name
        // matches[2] = entry
        // matches[3] = filename
        // matches[4] = page
        // matches[5] = qentry value
        // matches[6] = entry value
        // matches[7] = filename value
        // matches[8] = page value
        if( preg_match('/^((entry)|(filename)|(page))'
                    .'=(([0-9]+)|([^><\*\?"\r\n\|\/\\\\]+\.txt)|(add|edit|main))$/i'
                    , $qentry, $matches) )
        { print_array( $matches ); }
    }
}

Re: PHP Regex on Query Strings

Posted: Sat Sep 12, 2009 12:31 pm
by KyleReed
bump.

Re: PHP Regex on Query Strings

Posted: Sat Sep 12, 2009 4:47 pm
by requinix
What string are you trying to match against?

Re: PHP Regex on Query Strings

Posted: Sat Sep 12, 2009 10:18 pm
by KyleReed
It does the job perfectly. I figured I would have to write PHP conditions to match what I stated above in my first post about what qstring vars are supposed to match... that's what I'm trying to figure out; Why it's doing it for me already?

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 1:24 am
by requinix
It's doing it for you because the regex is built to do it for you.

Kinda. Have you tried using "add" for the entry?...

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 3:00 am
by KyleReed
Yes. I've tried using add and practically any non-digit character for the value of the var entry and it fails to match it. And I've tried numbers in the page var and it fails there too.

It's a head scratcher.

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 3:22 am
by requinix
KyleReed wrote:Yes. I've tried using add and practically any non-digit character for the value of the var entry and it fails to match it. And I've tried numbers in the page var and it fails there too.
I just tried it with "entry=add" and it matched perfectly fine. Isn't this incorrect behavior?

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 3:24 am
by KyleReed
Yes, it is incorrect... Hold on a second...

EDIT: Crap.. I forgot what I did... I could of sworn it wouldn't match before. I've edited the file since then...

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 3:45 am
by KyleReed
I know what needs to be done, but man! I could of sworn it worked without anything extra... What's happening! There is NO SPOON!!!

Code: Select all

function script_params( $qstring )
{
    $qvar['entry']      = 6;
    $qvar['filename']   = 7;
    $qvar['page']       = 8;
 
    foreach( split('&', $qstring) as $qentry )
    {
        if( preg_match('/^((entry)|(filename)|(page))'
                    .'=(([0-9]+)|([^><\*\?"\r\n\|\/\\\\]+\.txt)|(add|edit|main))$/i'
                    , $qentry, $matches) )
        {
            // matches[1] = qentry var name
            // matches[2] = var:entry
            // matches[3] = var:filename
            // matches[4] = var:page
            // matches[5] = qentry value
            // matches[6] = value:entry
            // matches[7] = value:filename
            // matches[8] = value:page
 
            if( $matches[$qvar[$matches[1]]] )
                print_array( $matches );
            else
                return FALSE;
        }
        else
            return FALSE;
    }
    
    return TRUE;
}

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 4:07 am
by requinix
Now that that's out of the way:

There's no need for regular expressions.

Code: Select all

$string = "entry=123&filename=asd.txt&page=add";
parse_str($string, $parts);
 
if (!isset($parts["entry"]) || !ctype_digit($parts["entry"]) ||
    !isset($parts["filename"]) || !file_exists("/path/to/files/" . basename($parts["filename"])) ||
    !isset($parts["page"]) || !in_array($parts["page"], array("add", "edit", "main"))) {
    // not valid (missing stuff or the stuff is invalid)
} else {
    // entry, filename, and page exist, and are all valid
}
This $string isn't coming from the URL, right?

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 4:15 am
by KyleReed
Yes. The string to be parsed is coming from the query string... I mean, from the URL :)

Or something...

I just found out what parse_str does... Man....

You simplified it alright. I would show you some other code to laugh at, but I don't want to waste your time in providing a better solution to it. Seems there's a shortcut for everything!

Thanks for your help!

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 5:32 am
by requinix
KyleReed wrote:Yes. The string to be parsed is coming from the query string... I mean, from the URL :)
So... any reason you aren't using $_GET?

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 2:38 pm
by KyleReed
Because I'll also be using $_POST to do some form input stuff, the Query String will help me load a particular form.

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 3:12 pm
by peterjwest
You can include $_GET parameters in a form. I find it's best to stay consistent. If there are two URLs for the same action it may confuse users.

Re: PHP Regex on Query Strings

Posted: Sun Sep 13, 2009 5:01 pm
by KyleReed
That would mean the $_GET parameters would have to originally come from the query string, right?