Page 1 of 1

validating user input

Posted: Mon Apr 19, 2004 8:13 am
by tiresome
I am using the following to validate the field where the user inputs his/her email address...

Code: Select all

<?php
if ( !checkString( $email) || !eregi( "^[A-Za-z0-9\_-]+@[A-Za-z0-9\_-]+.[A-Za-z0-9\_-]+.*", $email)) {
    echo "You have entered an <b>invalid email</b>.<br> Please go back and try again.";
    exit;
  }

?>
If I wanted to restrict the user from inputting malicious code such as <script> alert("boo");<script> could I still use the eregi function? I mean I just can't figure out what the syntax would be to not allow the user to input, for instance, '<' or '>' sign.

Posted: Mon Apr 19, 2004 8:19 am
by feyd
a period (not escaped) matches any character.

what you have already excludes < and >

Posted: Mon Apr 19, 2004 8:23 am
by tiresome
lol thanks for that! I must have left my brains at home. I am at Starbucks sipping some coffee and chilling. I actually was busting my brains out trying to come up with a way of solving that. Anyway, I appreciate your help in this one.

Posted: Tue Apr 20, 2004 8:43 am
by mudkicker
can you write the latest code for me please? :)