Jazz914
11-01-2009, 10:03 PM
It seems to be right to me...But I am not an expert in regex
if (!preg_match("/^[A-Za-z0-9_!&-.,]$/", $user)) {
$results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");
}
It shouldn't return the error above, but it does, even when I type something like "Hello"
abduraooft
11-02-2009, 08:08 AM
You need to escape special characters like -, . etc and add a + sign after the square bracket to indicate one or more occurrence. Try
$user='Hello';
if (!preg_match("/^[A-Za-z0-9_!&\-\.,]+$/", $user)) {
echo $results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");
}
Jazz914
11-02-2009, 11:15 AM
Thank you ^_^
But I also want to add the possibility for square brackets to be included in the username, I tried this:
if (!preg_match("/^[A-Za-z0-9_!&\-\.,[\]]+$/", $user)) {
But it didn't work
abduraooft
11-02-2009, 11:19 AM
You need to escape [ as well.
Jazz914
11-02-2009, 12:31 PM
Like this?
if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/", $user)) {
It still returns the error if the username contains the square brackets :S
abduraooft
11-02-2009, 01:03 PM
Like this?
if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/", $user)) {
It still returns the error if the username contains the square brackets :SWorks well for me :confused:
Jazz914
11-02-2009, 06:59 PM
I figured out whats wrong but is it REALLY neccessary for me to have the following in code in a security object I made?
$value = escapeshellcmd($value); Or will I be fine without it, its this which is getting rid of the square brackets and replacing them with spaces. I know what this does, i'm just wondering, is it a really easy vulnerability?
