What it comes down to is that the dollar sign $ is used and advocated to be used as the end of a pattern to match. However, what many people don't know is that a single newline can be inserted after the last character. When you really need the end of the string, you have to use the /D modifier after the dollar sign. Please read his post for a better explanation.
A quick example:
filter.php
```php
<?php
$clean = array();
// Without /D, $ also matches just before a single trailing newline.
if (preg_match("/^[0-9]+:[X-Z]+$/", $_GET['var'])) {
    $clean['var'] = $_GET['var'];
}
// filter.php?var=012345:XYZ%0a
// "?? ''" avoids an undefined-index warning when the filter rejected the input.
echo '<br>Clean[\'var\'] is: ' . ($clean['var'] ?? ''); echo 'test';
// Clean['var'] is: 012345:XYZ
// test

$realclean = array();
// With /D, $ matches only at the very end of the string.
if (preg_match("/^[0-9]+:[X-Z]+$/D", $_GET['var'])) {
    $realclean['var'] = $_GET['var'];
}
echo '<br>RealClean[\'var\'] is: ' . ($realclean['var'] ?? ''); echo 'test';
// RealClean['var'] is: test
```
Maybe this is old stuff for some of you, but I didn't know it.
Weirdan | Corrected output
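The anchor behaviour discussed in the post above, as an added example that is not part of the original post. It goes beyond the post by also covering the `m` modifier (which makes PCRE ignore `D`) and the `\A...\z` anchors; the function names `accepts` and `validate_var` and all inputs are constructed for illustration.

```php
<?php
// Added example, not from the original post. All inputs are constructed samples.

// Same character classes as the post's filter, with four different end anchors.
$patterns = [
    '$'         => '/^[0-9]+:[X-Z]+$/',    // also matches before one trailing "\n"
    '$ with D'  => '/^[0-9]+:[X-Z]+$/D',   // PCRE_DOLLAR_ENDONLY: true end only
    '$ with Dm' => '/^[0-9]+:[X-Z]+$/Dm',  // D is ignored once m (multiline) is set
    '\A...\z'   => '/\A[0-9]+:[X-Z]+\z/',  // absolute anchors, unaffected by m
];

// Constructed inputs: clean, one trailing newline, two newlines, a second line.
$inputs = ["012345:XYZ", "012345:XYZ\n", "012345:XYZ\n\n", "012345:XYZ\nfoo"];

// True when the pattern accepts the input.
function accepts(string $pattern, string $input): bool
{
    return preg_match($pattern, $input) === 1;
}

// Hypothetical strict validator: returns the value only if the whole string
// matches, and rejects non-strings (e.g. ?var[]=x arrives as an array).
function validate_var($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    return accepts('/\A[0-9]+:[X-Z]+\z/', $raw) ? $raw : null;
}

// Print one row per pattern/input pair; json_encode makes the newline visible.
foreach ($patterns as $label => $pattern) {
    foreach ($inputs as $input) {
        printf(
            "%-10s %-18s %s\n",
            $label,
            json_encode($input),
            accepts($pattern, $input) ? 'accepted' : 'rejected'
        );
    }
}

// The strict validator on the post's request value (decoded %0a) and on an array.
var_dump(validate_var("012345:XYZ\n"), validate_var(['x']), validate_var("012345:XYZ"));
```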