Keeping @ out of input

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dave
Forum Newbie
Posts: 8
Joined: Mon Jun 17, 2002 3:14 am

Keeping @ out of input

Post by Dave »

Hi,

I'm trying to validate my textbox input. I'm using ereg to check for :alpha: only I see that someone could easily enter the required number of letters and nonsense like @@@'s too.

How do I keep this type of nonsense out also? I'm sure the answer is looking me in the face, but I'm having one of those times when I just can't see it.

Thanks for your assistance :?
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

Using ereg is very inefficient, always use plain str functions if possible, or preg if you need regex power..

A quick validation could be something like

$textfield = preg_replace('/[^A-z0-9]/','',$_REQUEST['fieldname']);

Meaning anything but A-z and 0-9 would be replaced by nothing, if you want to allow space, comma, dot, dash and such you have to add those as well (use proper escapes for a character class).
Dave
Forum Newbie
Posts: 8
Joined: Mon Jun 17, 2002 3:14 am

Post by Dave »

Tried but still seems to allow the likes of "joe@@@@" / "jo@@@e" etc. to be submitted - unless I set it up incorrectly?

I have a form that sends the info to be validated and depending on result, may then return the user to the page with an error message displayed and the information in the input fields as they'd typed - as $name then has a value passed through from the validation page.

Basically my problem arose when I had people getting mixed up and inputing their emails into the username field - which I planned to just consist of letters and numbers.
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

My regex would strip anything but A-Z,a-z and 0-9 and replace it with nothing, so any @ would be removed, but that may not be what you want, if you want to check that there is only one word and it starts with a letter and can only contain letters and numbers and be at least 2 char long you could do something like

if (!preg_match('/^[A-z][A-z0-9]+$/',$_REQUEST['username'])) {
# The username was invalid
} else {
# The username is valid
}

Other than that, allowing people to use their email address as username is sometimes wise (unless it is a public forum etc), as people tend to remember their email address better than a username they invent then and there..
Dave
Forum Newbie
Posts: 8
Joined: Mon Jun 17, 2002 3:14 am

Post by Dave »

Thanks, that's done the trick - I'll have to read-up on preg_match (any recommended resources for information? I've read bits on php.net), so I can make adjustments to my other validation.

It's actually an email sign-up so I just needed them to come up with a username to use as their email - username@theiremail.com for example.

I asked for another email address incase they forgot their password, but then someone did the unexpected and put this address in the input field for the username and that caused problems as you can imagine as it was accepted and processed.
Post Reply