Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Jan 2006
    Location
    Finland, Hollola
    Posts
    285
    Thanks
    8
    Thanked 0 Times in 0 Posts

    Question How would you check for illegal letters from form field?

    Hi,

    If user is asked for a username and password in a form. How would you do a check in PHP to make sure that username and password has no illegal characters such as, new line, tab, / or \, *, -, ., ,,, ", ', so on...
    PHP 5 & MySQL 5 (Y)

  • #2
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It depends on what you wish to consider illegal. ctype_alnum() checks for only alphanumeric characters. If you want limited acceptance of other characters, you can use regular expressions.

  • #3
    New Coder
    Join Date
    Jun 2006
    Location
    Sweden
    Posts
    49
    Thanks
    0
    Thanked 3 Times in 3 Posts
    use regular expressions. The example below, only accepts a-z and numbers, all other chars are invalid.

    ex
    PHP Code:
    if (preg_match('/^[a-z0-9]$/i'$username)) {
    // Ok
    } else {
    // Not ok

    Last edited by Nicklas; 06-17-2006 at 01:42 AM.

  • #4
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    That regex will only match single character input.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #5
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Regular expressions are relatively resource intensive. Generally speaking, if you can do something without using regex, you should. If you want your users to just use letters, use ctype_alpha(). If you only want letters and numbers, use ctype_alnum(). If you want letters, numbers, and a few select extra characters, such as underscores, dollar signs, etc., then you'll need to use a regex.

  • #6
    New Coder
    Join Date
    Jun 2006
    Location
    Sweden
    Posts
    49
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Oops, missed a + char

    PHP Code:
    if (preg_match('/^[a-z0-9]+$/i'$username)) {
    // Ok
    } else {
    // Not ok

    If you wanna limit the length of the $username and make sure it's, for example, at least 4 chars and not longer than 10 chars, then replace the + with {minimum, maximum}

    ex
    PHP Code:
    if (preg_match('/^[a-z0-9]{4,10}$/i'$username)) {
    // Ok
    } else {
    // Not ok


  • #7
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    preg_match('/^[a-z0-9]+$/i', $username)

    and

    ctype_alnum($username)

    do exactly the same thing except that the second one runs a lot faster since it runs compiled code instead of interpreted script. It also avoids the possibility of a typo (such as leaving out the +).
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #8
    Regular Coder
    Join Date
    Jan 2006
    Location
    Finland, Hollola
    Posts
    285
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Okay. I'm little confused about which one to use, preg_match or ctype_alnum... I just want that user can ONLY put a,b,c,d,...,z and 0,1,2,3,4,5,6,7,8,9 nothing else. If user types any other characters, then the code will do exit;

    Yeah. A minimum 4 characters would be good and some like max 16 characters...

    Well, if ctype_alnum is faster than preg_match, can I check for the lenght of the input with ctype_alnum expression?

    Thanks for help!
    PHP 5 & MySQL 5 (Y)

  • #9
    New Coder
    Join Date
    Jun 2006
    Location
    Sweden
    Posts
    49
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Something like this...
    PHP Code:
    if (ctype_alnum($username)) {

        if (
    strlen($username) >= && strlen($username) <= 16) {
        
    // Username is Ok and within the requested length
        
    }
        
    // Username is Ok, but NOT within the requested length
        
    }

    } else {
    // Bad username!!!



  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •