Page 1 of 1

Filter input to only letters and numbers

Posted: Wed Jan 31, 2007 5:10 pm
by tarja311
Hello all.

I have an input form that sends data to my database. This is fine, the problem is my extremely basic filtering. I am trying to make it so only letters ( a-z A-Z ) and numbers are allowed through. I think i am using preg_match incorrectly because it only checks if the first digit is valid or invalid. It does not validate the whole string.

example

valid : abc123
invalid : abc_#123

Code: Select all

if(!preg_match('/a-z A-Z 0-9 {1, 20}/', $input){
// exit ...
}else{
// continue ...
}
Any ideas?

Thanks

-- tarja

Posted: Wed Jan 31, 2007 5:39 pm
by superdezign
Firstly, you forgot the parentheses (which I assume was from the way you wrote it to the board hopefully), but yeah:

Code: Select all

if(!preg_match('/[a-zA-Z0-9]{1, 20}/', $input))

Posted: Wed Jan 31, 2007 6:04 pm
by tarja311
typo'd.

Maybe i don't understand how preg_match works. With the code you provided, if i type in #, it says it's invalid, which is good. but if i type #a it says it's valid. I don't get it.

Posted: Wed Jan 31, 2007 6:07 pm
by RobertGonzalez

Posted: Wed Jan 31, 2007 6:31 pm
by tarja311
Thanks that is exactly what i'm looking for.

Posted: Wed Jan 31, 2007 6:36 pm
by RobertGonzalez
Glad I could help.

Posted: Wed Jan 31, 2007 8:12 pm
by Ollie Saunders
The reason why the regex allowed #a is because it only have to find a match somewhere inside the string. For instance
Regex: /abc/
you should learn your abcs - match found

To prevent this you should use the start (^) and end ($) assertions. Which basically say there should be nothing before and nothing after, respectively.
Regex: /^abc$/
you should learn your abcs - no match found
abc - match found

Posted: Wed Jan 31, 2007 8:23 pm
by tarja311
Thanks for that info. noted. :)

Posted: Wed Jan 31, 2007 10:04 pm
by superdezign
Silly me. \b is an alternative right? That's what I use.

Posted: Thu Feb 01, 2007 12:58 am
by feyd
\b is for word boundaries. Symbols and spaces are boundaries.. ;)

Posted: Thu Feb 01, 2007 1:05 am
by superdezign
I always wondered why anyone would use ^$... \b is so much neater in my opinion. :o

Posted: Thu Feb 01, 2007 2:39 am
by onion2k
Everah wrote:ctype_alnum().
I've never noticed the ctype functions before. Crazy useful.

Posted: Thu Feb 01, 2007 8:35 am
by Z3RO21
ole wrote:The reason why the regex allowed #a is because it only have to find a match somewhere inside the string. For instance
Regex: /abc/
you should learn your abcs - match found

To prevent this you should use the start (^) and end ($) assertions. Which basically say there should be nothing before and nothing after, respectively.
Regex: /^abc$/
you should learn your abcs - no match found
abc - match found
Noted as well, thanks ole!

Posted: Thu Feb 01, 2007 10:21 am
by RobertGonzalez
onion2k wrote:
Everah wrote:ctype_alnum().
I've never noticed the ctype functions before. Crazy useful.
Dude, these are way useful. All of them. As soon as I found out about them I started using them. They are very nice. :D