Solved

Is this preg_replace correct?

Posted on 2012-03-27
10
217 Views
Last Modified: 2012-03-28
Ok,

I want to let users add their twitter to my site, and twitter only allows aphanumeric characters + _ underscore in names.

Will this do?

$twitter = preg_replace("#[^a-zA-Z0-9_]#", "", $_REQUEST['twitter']);
0
Comment
Question by:GVNPublic123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 1

Expert Comment

by:andresdelfino
ID: 37773838
What that line will do is remove any non-complaint characters from the user's input.

Please note that that's not the same as checking if the user has entered a correct username.

For example.

Given real username: andres_delfino
The user could accidentally enter: andres-delfino

You would be saving the wrong username: andresdelfino (since you are removing the offending -).

Plus, you luck the + in your regular expression: #[^a-zA-Z0-9_+]#

I strongly suggest you to ask the user to correct his/her mistake should he/she make one.

In that case, preg_match is your friend:

preg_match("#^[a-zA-Z0-9_+]+$#", $_REQUEST['twitter'])

Open in new window


More information at: http://www.php.net/manual/en/function.preg-match.php
0
 

Author Comment

by:GVNPublic123
ID: 37773853
Oh no, I dont give a sh*t about checking, Ill just sanitize than verify on twitter if exists. No time to waste with stupid warnings.

So is my preg-match correct or not?
0
 
LVL 1

Expert Comment

by:andresdelfino
ID: 37773879
Sorry, your solution is not correct.

What I'm suggesting you is to ask the user to re-enter their Twitter account username should you find a non-complaint character.

In case you prefer not to do this, I strongly suggest you to ignore usernames with non-complaint characters showing an error to the user, since you can't sanitize them at all. Your solution removes non-complaint characters from the user's input, but that doesn't guarantee you a valid username at all, just that the characters used are correct. The example I shared with you earlier shows this.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:GVNPublic123
ID: 37773915
Look, I only wanted to know, if this:
#[^a-zA-Z0-9_]#

Will wipe all illegal characters clean. The correctness of username is than checked with twitter along with name, followers, country etc etc... So why would I display stupid message when I can just wipe and GUARANTEE correct entry. Or wrong username is cancelled out with twitter verification.
0
 

Author Comment

by:GVNPublic123
ID: 37773919
Thus it saves me mysql sanitization line of code :P
0
 
LVL 7

Expert Comment

by:designatedinitializer
ID: 37773920
There's your code.
$sanitized = preg_replace("#[^a-zA-Z0-9_]+#","",$input);

Open in new window


(notice you were lacking the replacement string, in this case "", and that the + sign must be after the closing square barckets).
0
 
LVL 1

Expert Comment

by:andresdelfino
ID: 37773921
Add + to your string (#[^a-zA-Z0-9_+]#), and yes, it will wipe all illegal characters clean.
0
 
LVL 1

Accepted Solution

by:
andresdelfino earned 500 total points
ID: 37773929
Sorry, for your first post, I understood that Twitter also accepts "+" in usernames. But now I understand what you mean by it.

So, yes, your string is perfect.
0
 
LVL 7

Expert Comment

by:designatedinitializer
ID: 37774016
I hate to burst your bubble... but like I said before, that + must be outside the square brackets.
As is, that expression will also allow plus signs...
0
 
LVL 1

Expert Comment

by:andresdelfino
ID: 37774589
Indeed, "+" must not be inside the square brackets. Like I said in my last post, I wrongly understood that "+" was a valid character, but later realized what the GVNPublic123 meant by saying "+" in his/her first post. That's why, in my last post, I stated that the correct string is the one GVNPublic123 shown in his/her first post.

Also, the "+" is not needed outside the square brackets, since PHP will search for any of the characters not in that sequence and delete them. Doesn't matter how many of them it finds. You can try this here: http://www.solmetra.com/scripts/regex/index.php
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question