Solved

Regular expression to checking ...?

Posted on 2008-06-24
4
230 Views
Last Modified: 2008-06-25
Hello group,

How can I avoid users from entering some specific characters in Form entries? characters such as & ^ % # @ and so on?

I don't know that much about Regular Expression but will appreciate it if you pass me some links to learn how to use it in PHP.

Regards.
0
Comment
Question by:akohan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
CurtinProp earned 150 total points
ID: 21862462


$banned = array("#","^","%");
$text = "This is 20% of the total #number of ^carrots";
$string = str_replace($banned, "", $text);
 
If you echo string it would display;
This is 20 of the total number of carrots
 
Now this is a simple approach, regular expressions would be the best sollution if it got more advanced. If your trying make your forms safe from XSS attacks or SQL injection i'd suggest using alternate frameworks to assist you.

Open in new window

0
 

Author Comment

by:akohan
ID: 21863119

Hi CurtinProp,

You did point to something I always think of. As matter of fact, I've started PHP just few months ago and not sure what XSS attaks are. Would you please give me direction toward this concept? Any online resource or book would be great.


Thanks.
0
 
LVL 2

Expert Comment

by:CurtinProp
ID: 21863158
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts.
http://en.wikipedia.org/wiki/Cross-site_scripting

For books I suggest;
http://www.amazon.com/Cross-Site-Scripting-Attacks-Exploits/dp/1597491543/ref=pd_bbs_sr_1/104-1412087-4929535?ie=UTF8&s=books&qid=1177355137&sr=1-1

This book was written by industry experts and is the best reference.

He also has a blog which I also read; www.jeremiahgrossman.blogspot.com/
0
 

Author Comment

by:akohan
ID: 21863546

Wow! thank you so much for the details.

Regards.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

731 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question