Characters to exclude from a URL submission

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Jay
Forum Newbie
Posts: 22
Joined: Fri Jul 12, 2002 8:36 am
Location: KUL, Malaysia

Characters to exclude from a URL submission

Post by Jay »

i am preparing a regular expression pattern to exclude the following characters in submitted URLS, please feel free to add to this list?

Code: Select all

var $chars = '\r\n \t\x0B<>''"\\]\\ї'; // characters to exclude in URLs
Thank you.
rev
Forum Commoner
Posts: 52
Joined: Wed Oct 02, 2002 3:58 pm
Location: Atlanta, GA

Post by rev »

Maybe I am missing something here?

http://www.php.net/manual/en/function.urlencode.php
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

You won't be able to use <, > etc. in URL anyway, it's gets encoded...
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

No, he's talking about something like an input in a form

Because i could easily just input:

Code: Select all

http://somesite.com/">okay</a><script><!-- bad script here -->
But heres how i'd do it.

Code: Select all

if(!preg_match('(http://&#1111;-a-zA-Z0-9@:%_\+.~#?&//=]+)', $string))&#123;
  die('Invalid input');
  &#125;
Post Reply