Page 1 of 1

if ( preg_match("/[^a-z0-9-]/", $string1) )

Posted: Tue Apr 08, 2008 10:09 pm
by psychotomus
Ikeep getting error invalid forum name no matter what i enter with pregmatch

Code: Select all

<?
if(isset($_POST['Submit']))
{
    //valid string check
    function isvalidstring($string1)
    {
        if ( preg_match("/[^a-z0-9-]/", $string1) )
            return true;
        else
            return false;
    }
    
    //valid email check
    function isemail($email)
    {
        // regx to test for valid e-mail adres
        $regex = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$';
        if (eregi($regex, $email)) return true;
        else return false;
    }
    //hack prevention
    $forum_name = mysql_real_escape_string($_POST['textForumName']);
    $first_name = mysql_real_escape_string($_POST['textFirstName']);
    $last_name = mysql_real_escape_string($_POST['textLastName']);
    $email = mysql_real_escape_string($_POST['textEmail']);
    $username = mysql_real_escape_string($_POST['textUserName']);
    $pass = md5(mysql_real_escape_string($_POST['textPassword']));
    
    //check if valid email address
    if( isemail($email) == false)
        $msg = 'Invalid Email..<br>';
    
    //check if forum name not empty
    if(empty($forum_name))
        $msg .= 'Forum Name can not be blank..<br>';
 
    //check if first name not empty
    if(empty($first_name))
        $msg .= 'First Name can not be blank..<br>';
 
    //check if last name not empty
    if(empty($last_name))
        $msg .= 'Last Name can not be blank..<br>';
 
 
    //check if password not blank
    if(empty($pass))
        $msg .= 'Password can not be blank..<br>';
    
    //check if forum name is valid string
    if(!isvalidstring($forum_name))
        $msg .= 'Invalid Forum Name..<br>';
 
 
    //if no errors
    if(empty($msg))
    {
        //run query to check if forum name exist
        $result = mysql_query("SELECT * FROM created_forums WHERE name='$forum_name'") or die(mysql_error());
        
        //if forum name doesn't exist
        if( mysql_num_rows($result) == 0)
        {
            include 'create_new_forum_data.php';
            $reg = true;
        }
        else //if forum name exist
        {
            $msg = 'Forum Name allready taken..';
        }
    }
}
?>

Re: if ( preg_match("/[^a-z0-9-]/", $string1) )

Posted: Wed Apr 09, 2008 4:10 am
by EverLearning
For starters, instead of

Code: Select all

preg_match("/^[a-z0-9-]/", $string1)

in isvalidstring() function try this

Code: Select all

preg_match("/[a-z0-9-]+/", $string1)
And read up on PCRE pattern syntax

Re: if ( preg_match("/[^a-z0-9-]/", $string1) )

Posted: Sat Apr 12, 2008 6:59 am
by Weirdan
EverLearning wrote:For starters, instead of

Code: Select all

preg_match("/^[a-z0-9-]/", $string1)

in isvalidstring() function try this

Code: Select all

preg_match("/[a-z0-9-]+/", $string1)
For forum starters, think out your responses. What you proposed would allow any string containing a substring matching your regexp - thus permitting user names like 'sdf$^!""\'

To original poster - your regexp searches for invalid characters (here I suppose that you would want allow only strings consisting of letters+digits+'-' sign) in string, so you would either rename the function to isinvalidstring or keep the function name and swap its return values:

Code: Select all

 
function isvalidstring($string) {
  if (preg_match('/[^0-9a-z-]/', $string)) {
      return false;
  } else {
      return true;
  }
}