Keeping @ out of input

Posted: Mon Jan 27, 2003 11:25 am
by Dave
Hi,

I'm trying to validate my textbox input. I'm using ereg to check for :alpha:, only I see that someone could easily enter the required number of letters and nonsense like @@@'s too.

How do I keep this type of nonsense out also? I'm sure the answer is looking me in the face, but I'm having one of those times when I just can't see it.

Thanks for your assistance :?

Posted: Mon Jan 27, 2003 12:15 pm
by Stoker
Using ereg is very inefficient, always use plain str functions if possible, or preg if you need regex power..

A quick validation could be something like

// Strip everything except ASCII letters and digits ([A-z] would also keep [ \ ] ^ _ and `)
$textfield = preg_replace('/[^A-Za-z0-9]/', '', $_REQUEST['fieldname']);

Meaning anything but A-z and 0-9 would be replaced by nothing, if you want to allow space, comma, dot, dash and such you have to add those as well (use proper escapes for a character class).

Posted: Mon Jan 27, 2003 1:47 pm
by Dave
Tried but still seems to allow the likes of "joe@@@@" / "jo@@@e" etc. to be submitted - unless I set it up incorrectly?

I have a form that sends the info to be validated and depending on result, may then return the user to the page with an error message displayed and the information in the input fields as they'd typed - as $name then has a value passed through from the validation page.

Basically my problem arose when I had people getting mixed up and inputting their emails into the username field - which I planned to just consist of letters and numbers.

Posted: Mon Jan 27, 2003 1:55 pm
by Stoker
My regex would strip anything but A-Z, a-z and 0-9 and replace it with nothing, so any @ would be removed, but that may not be what you want. If you want to check that there is only one word and it starts with a letter and can only contain letters and numbers and be at least 2 chars long, you could do something like

// [A-Za-z] instead of [A-z], which also matches [ \ ] ^ _ and `
// \z instead of $, which would also accept a trailing newline
if (!preg_match('/^[A-Za-z][A-Za-z0-9]+\z/', $_REQUEST['username'])) {
    # The username was invalid
} else {
    # The username is valid
}

Other than that, allowing people to use their email address as username is sometimes wise (unless it is a public forum etc), as people tend to remember their email address better than a username they invent then and there..
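
The difference between stripping and rejecting that this exchange turns on, as an added example that is not part of any post in the thread. The function name is_valid_username and the 32-character maximum are assumptions for illustration; the sample inputs are constructed.

```php
<?php
// Added example (not from the thread): allow-list validation that rejects
// bad input instead of silently rewriting it.

function is_valid_username(string $name, int $max = 32): bool
{
    // \A ... \z anchor to the real start and end of the string; a bare $
    // also matches just before a trailing "\n".
    // [A-Za-z] is used because the ASCII range A-z also covers [ \ ] ^ _ `
    // The + requires a second character, so the minimum length is 2.
    if (preg_match('/\A[A-Za-z][A-Za-z0-9]+\z/', $name) !== 1) {
        return false;
    }
    return strlen($name) <= $max; // assumed upper bound
}

// Stripping changes the value but never reports a problem, which is why
// "joe@@@@" still appears to be accepted when only preg_replace is used.
function strip_to_alnum(string $name): string
{
    return preg_replace('/[^A-Za-z0-9]/', '', $name);
}

// Constructed inputs: [value, expected verdict]
$samples = [
    ['joe99',          true],
    ['j',              false], // too short
    ['joe@@@@',        false],
    ['jo@@@e',         false],
    ['me@example.com', false], // e-mail address typed into the username field
    ['9lives',         false], // must start with a letter
    ['joe_smith',      false], // would pass with [A-z]
    ["joe\n",          false], // would pass with $ instead of \z
];

foreach ($samples as [$input, $expected]) {
    $ok = is_valid_username($input);
    printf(
        "%-18s valid=%-5s stripped=%-14s %s\n",
        json_encode($input),
        $ok ? 'true' : 'false',
        strip_to_alnum($input),
        $ok === $expected ? 'as expected' : 'MISMATCH'
    );
}
```

Stripping turns "me@example.com" into "meexamplecom", a username the person never chose, while the reject path lets the form send them back with an error message.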

Posted: Mon Jan 27, 2003 2:30 pm
by Dave
Thanks, that's done the trick - I'll have to read up on preg_match (any recommended resources for information? I've read bits on php.net), so I can make adjustments to my other validation.

It's actually an email sign-up so I just needed them to come up with a username to use as their email - username@theiremail.com for example.

I asked for another email address in case they forgot their password, but then someone did the unexpected and put this address in the input field for the username and that caused problems as you can imagine as it was accepted and processed.