Page 1 of 1

Can anyone help me with preg_match

Posted: Sun Apr 30, 2006 12:10 pm
by N1gel
I'm using preg_match to validate the data i get from a html form, i use it before i use the data in a query to insert it into my database.

the regular expression i am using is "^[ \w]{2,255}+$/"

As i understand it this only allows letters and numbers of a total length of between 2-255. This is fine for most of my form however one of my fields is a textarea and can contatin multiple lines. How can i adjust my regular expression to accept return carriages.

Any help would be greatfull. Thanks :D

Nigel

Posted: Sun Apr 30, 2006 12:23 pm
by feyd
What's the end goal in using this regex?

Posted: Sun Apr 30, 2006 12:28 pm
by N1gel
The idea of using the regular expresion is validating the form fields.

I am attempting to limit the form fields to just numbers and letters this is an attempted at preventing sql insertion on my site.

i do a comparisson with the form fields and the reg expression to make sure they are safe and just numbers and letters.

But in the text area people use multiple lines and ehen i do the comparisson the reg expression and fields don't match.

Hope i've made myself clear sorry i'm not good at explaing things

Posted: Sun Apr 30, 2006 12:50 pm
by feyd
why not use the escaping function(s) for your database wuch as mysql_real_escape_string(), pg_escape_string() and so forth?

What about punctuation? Shouldn't we be able to have punctuation in our text? What about accent characters. Some words we use can have accent characters in them.