?
Solved

Tying to ensure that only alphanumeric characters are used

Posted on 2011-05-13
6
Medium Priority
?
263 Views
Last Modified: 2012-05-11
I'm not sure to use preg_replace to ensure that only alphanumeric characters plus underscore (_), comma(,), period (.), hyphen (-), @ are used and no spaces to be used. Is the following code correct? If they are used I want it to give the user a warning.

}else if (preg_replace('/[^\w\'\"\@\-\.\]/i', '',($_POST["username"]))){
		echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br />Please go back, USERNAME is only allowed to have letters and numbers with NO SPACES MUST BE BETWEEN 5 to 10 characters.<p>&nbsp;</p><p>&nbsp;</p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>";

Open in new window

0
Comment
Question by:genesisvh
6 Comments
 

Author Comment

by:genesisvh
ID: 35754478
Nevermind I'm using this
}else if (!(eregi('/[^\w\'\"\@\-\.\]/i', '',($_POST["username"])))){
		echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br />Please go back, USERNAME is only allowed to have letters and numbers with NO SPACES MUST BE BETWEEN 5 to 10 characters.<p>&nbsp;</p><p>&nbsp;</p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>";	

Open in new window


But is it secure? Should I use mysql_real_escape_string?
0
 
LVL 8

Accepted Solution

by:
kivan24 earned 501 total points
ID: 35754531
Use both first use regular expresion then mysql_real_escape_string
0
 
LVL 13

Assisted Solution

by:haloexpertsexchange
haloexpertsexchange earned 501 total points
ID: 35754533
An easy way to make sure that you are only getting alphanumaric you can use ctype_alnum.
No regex required.

http://www.php.net/manual/en/function.ctype-alnum.php
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Assisted Solution

by:kevpatts
kevpatts earned 498 total points
ID: 35754723
You have one too many backslashes in there, you've escaped the end of the square brackets, but otherwise it should work.

I would recommend using this only as second level insurance. You should also include JavaScript on the site that would strip out illegal characters as they typed:
onKeyUp='this.value=this.value.replace(/[^\w\&apos;\"\@\-\.]/i,"");'

Open in new window

0
 

Author Comment

by:genesisvh
ID: 35755197
Ok so I'm still having problems. This is what I need:
I want a function to echo a message if a username does not pass my requirments.

  - Only letters and / or numbers
 - Must start with a letter (not a number)
 - No spaces

The current code is not working for me. Please help
}else if (!(eregi('/[^\w\'\"\@\-\.\]/i', '',($_POST["username"])))){
		echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br />Please go back, USERNAME is only allowed to have letters and numbers with NO SPACES MUST BE BETWEEN 5 to 10 characters.<p>&nbsp;</p><p>&nbsp;</p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>";	

Open in new window

0
 

Author Closing Comment

by:genesisvh
ID: 35755400
Thanks anyway
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question