Can I make a suggestion?
I tend to look at the issue of user input the other way around... rather
than excluding things I don't think I want, I choose in allow things I *DO*
want... so instead of saying a username shouldn't contain
!@#$%^&*()_+-=<>?":';, I say it should contain a-zA-Z0-9_-.
This means that I allow what I trust, rather than assuming I can think of
every possible "bad" character the user might choose.
<?
// a-zA-Z0-9_ are valid in this case
if(preg_match("/^[a-zA-Z0-9_]*$/", $username))
{
// good
}
else
{
// bad
}
?>
To answer your question, (and i've got ZERO experience with regexp's, and
the above regexp was written for me by someone on this list!) is that you
need to escape some characters, like a $ sign, with a \.
Cheers,
Justin
on 01/02/03 12:11 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
> Hello Everyone
>
> This might be slightly offtopic since I'm not sure its php related but....
> I'm working on a script where some inputdata is taken for further
> processing. For validation purposes I want to make sure certain chars are
> not part of the input. Basically stuff like $ * :; etc...
>
> So I'm using ereg(pattern, input) to see if the pattern matches or not.
>
> Example
>
> if(ereg($pattern, $input))
> {
> // do allowed stuff
> }
> else
> {
> // do something for the illegal input
> }
> SO for exclusion I build the following pattern [^$] and pass it to ereg
> above. So if the input includes a $ the ereg should return false and the
> processing shouldn't take place.
>
> Well the thing is for $pattern = '[^$]' it doesn't work. Input including
> '$' is still passed to the allowed stuff code block.
> So am I doing something wrong or is there a problem with the character
> coding of my editor
>
> BtW I'm using W2K with PHP 4.1.x Apache 1.3.X and TextPad 4.x for editing.
> I save my scripts as ANSI format. Meaning only legal ASCII Characters +
> German extended code page.
>
> Can anybody help me?
>
> I also tried [^a] as a pattern but the input can contain a and slip
> through.
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
