...

View Full Version : Another Regex problem :/



Jazz914
11-01-2009, 11:03 PM
It seems to be right to me...But I am not an expert in regex


if (!preg_match("/^[A-Za-z0-9_!&-.,]$/", $user)) {
$results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");
}

It shouldn't return the error above, but it does, even when I type something like "Hello"

abduraooft
11-02-2009, 09:08 AM
You need to escape special characters like -, . etc and add a + sign after the square bracket to indicate one or more occurrence. Try

$user='Hello';
if (!preg_match("/^[A-Za-z0-9_!&\-\.,]+$/", $user)) {
echo $results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");
}

Jazz914
11-02-2009, 12:15 PM
Thank you ^_^

But I also want to add the possibility for square brackets to be included in the username, I tried this:


if (!preg_match("/^[A-Za-z0-9_!&\-\.,[\]]+$/", $user)) {

But it didn't work

abduraooft
11-02-2009, 12:19 PM
You need to escape [ as well.

Jazz914
11-02-2009, 01:31 PM
Like this?

if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/", $user)) {

It still returns the error if the username contains the square brackets :S

abduraooft
11-02-2009, 02:03 PM
Like this?

if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/", $user)) {

It still returns the error if the username contains the square brackets :SWorks well for me :confused:

Jazz914
11-02-2009, 07:59 PM
I figured out whats wrong but is it REALLY neccessary for me to have the following in code in a security object I made?


$value = escapeshellcmd($value); Or will I be fine without it, its this which is getting rid of the square brackets and replacing them with spaces. I know what this does, i'm just wondering, is it a really easy vulnerability?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum