I have a simple registration script I'm practicing with and I was wondering how I could check for special characters and numbers. Basically, for the user name area, no special characters are allowed. For the first name , last name area, no special characters and numbers are allowed. Would this be a regex operation?
asked Jul 27, 2011 at 18:29
1
When I post information to php from a form I like to use the ctype functions, its what they are for. //php.net/manual/en/book.ctype.php
So if you wanted to a-zA-Z you could
if[ !ctype_alpha[ $str ] ]
die[ 'Invalid characters' ];
Or if you wanted a-zA-Z0-9 you could
if[ !ctype_alnum[ $str ] ]
die[ 'Invalid characters' ];
answered Jul 27, 2011 at 18:40
Matt R. WilsonMatt R. Wilson
6,3955 gold badges29 silver badges46 bronze badges
1
$stringWithout = preg_replace['/[^a-zA-Z]/', '', $string];
$stringWith = $string;
if [$stringWith == $stringWithout] {
//string is clean
}
Something like this perhaps? If you replace every character but a-z and A-Z with nothing, and compare them, then if they are the same, you will know what they typed in has to be only characters like a-z and A-Z.
And yes, this uses a regex to replace the characters.
answered Jul 27, 2011 at 18:34
SteveSteve
1,5861 gold badge10 silver badges21 bronze badges
Don't try to reject stuff you don't want - you'll always find out later that users are much more imaginative than you.
Only accept what you know you can handle. If you only want latin letters and spaces, validate that that is the only thing you're getting with something like:
/^[0-9a-zA-Z ]+$/
Add only the characters you trust in there if I missed some.
answered Jul 27, 2011 at 18:34
MatMat
198k40 gold badges385 silver badges400 bronze badges
I am using preg_match for restrict the special characters in form post. Now I need to restrict some special characters only like %,$,#,* and I need to post like bé. How to possible to restrict some special characters only.
My code:
asked Aug 13, 2014 at 8:29
2
You should use:
[[%\$#\*]+]
to match those characters.
So in preg_match you should use:
if[preg_match["/[[%\$#\*]+]/", $firstname]]
{
echo 'Invalid Name';
}
else
{
echo $firstname;
}
β.εηοιτ.βε
27k11 gold badges55 silver badges69 bronze badges
answered Aug 13, 2014 at 8:32
Marcin NabiałekMarcin Nabiałek
106k41 gold badges245 silver badges282 bronze badges
3
Blacklisting [=enumerating invalid characters] is not an option in the unicode world. Consider for example, a "name" like this:
Ж☝ⓚƒ
You don't really want to blacklist all of these.
A whitelisting approach is, on the contrary, quite simple using the u mode
and unicode properties:
var_dump[preg_match['/^[\p{L}\p{N}]+$/u', 'ßäßå']]; // 1
var_dump[preg_match['/^[\p{L}\p{N}]+$/u', 'r2d2']]; // 1
var_dump[preg_match['/^[\p{L}\p{N}]+$/u', 'w#t?']]; // 0
var_dump[preg_match['/^[\p{L}\p{N}]+$/u', 'Ж☝ⓚƒ']]; // 0
And since we're talking about validating real names, please read Falsehoods Programmers Believe About Names before you start complicating things.
answered Aug 13, 2014 at 8:32
georggeorg
207k48 gold badges292 silver badges373 bronze badges
4