Page 1 of 1

Characters to exclude from a URL submission

Posted: Sat Oct 12, 2002 7:13 pm
by Jay
i am preparing a regular expression pattern to exclude the following characters in submitted URLS, please feel free to add to this list?

Code: Select all

var $chars = '\r\n \t\x0B<>''"\\]\\ї'; // characters to exclude in URLs
Thank you.

Posted: Sat Oct 12, 2002 9:31 pm
by rev
Maybe I am missing something here?

http://www.php.net/manual/en/function.urlencode.php

Posted: Sun Oct 13, 2002 2:56 am
by Takuma
You won't be able to use <, > etc. in URL anyway, it's gets encoded...

Posted: Sun Oct 13, 2002 12:41 pm
by hob_goblin
No, he's talking about something like an input in a form

Because i could easily just input:

Code: Select all

http://somesite.com/">okay</a><script><!-- bad script here -->
But heres how i'd do it.

Code: Select all

if(!preg_match('(http://&#1111;-a-zA-Z0-9@:%_\+.~#?&//=]+)', $string))&#123;
  die('Invalid input');
  &#125;