Filtering / sanitizing an input (domain) for PHP

Hi
One of my scripts receives a user-input value "name" that will serve as a domain or subdomain, hence I must make sure it contains only allowed characters, and must replace the rest.

My rules are as follows for that name that arrives in lower case:
- name must only contains A-Z (or a-z but converted earlier) or dots, anything else must be deleted to avoid cross-site scripting
- it may contain 1 or 2 dots (name.fr or name.co.uk) and if so must be flagged as a domain, but dots cannot be at the beginning, the end, or a dot follow another dot (ie usual domain rules)
- If the final value is a word only then I add .samplename.com at the end
- else the name is a doman and is used as such

I already have a good email validation test:

eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$', $email)

 but it just returns an error if the email does not pass, here I must convert the chain.
Which PHP rules would help me do the above ?

Thanks.
LVL 3
DenisvtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DenisvtAuthor Commented:
I guess this is very as this rule validates a domain, but how would I go about replacing all other unallowed characters if found in the chain ?

preg_match ("/^(([a-z0-9][-a-z0-9]*?[a-z0-9])\.)+[a-z]{2,6}$/", $domain)
0
Terry WoodsIT GuruCommented:
Something like this?

$name = preg_replace("/[^a-z\d.]/","",$name); #remove unacceptable chars

Note though that I think there are a whole heap of characters acceptable in domain names that you would be removing. It might meet your needs anyway though.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
"a good email validation test" might be better if you used the built-in PHP function.  This should get you started.
http://us3.php.net/manual/en/function.filter-var.php

Domain names are not case-sensitive (nor are email addresses).  HTH, ~Ray
0
DenisvtAuthor Commented:
It seems preg_replace("/[^a-z\d.]/","",$name); does the job, not sure which allowed chars it could remove ?
Domain names case does not matter indeed, I was just lowering it to not have to test whether upper case letters were found.
I was not aware of that PHP function, will have a look thanks.
0
Ray PaseurCommented:
Yeah, the whole question of filtering and validating data fields has sort of "been done" before.  Good luck with your project, ~Ray
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.