Solved

Regex for URL

Posted on 2013-11-18
7
353 Views
Last Modified: 2013-11-19
Hello,

I need to use preg_match('REGEX', $_SERVER['REQUEST_URI']) to report true when the following is true:
The REQUEST_URI string contains */clients/
[a-zA-Z0-9].php*

Where * is an infinite wildcard. The point is that it only matches URLs where it is a .php file in the /clients directory being accessed.

What is the proper REGEX value?

Thank you
0
Comment
Question by:cc01
7 Comments
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 39658625
You can use:

^.*?/clients/[a-zA-Z0-9]\.php\b.*$

Open in new window

0
 

Author Comment

by:cc01
ID: 39658694
No go; that .*? should work for a / in front, correct?

This is what I am currently using:
if(preg_match('^.*?/clients/[a-zA-Z0-9]\.php\b.*$', $_SERVER['REQUEST_URI'])) {
0
 
LVL 43

Expert Comment

by:Chris Stanyon
ID: 39659084
I think you need the + after the character match. You also need start and end delimiters:

if(preg_match('|^.*?/clients/[a-zA-Z0-9]+\.php\b.*$|', $_SERVER['REQUEST_URI'])) { 

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Expert Comment

by:SAMIR BHOGAYTA
ID: 39659105
hi.. this is your solution

(http|ftp|https):\/\/[\w\-_]+(\.[\w\-_]+)+([\w\-\.,@?^=%&:/~\+#]*[\w\-\@?^=%&/~\+#])?

use it...
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39659268
When there is a question like this, there is usually a backstory with a business rule or rule set that the programmer is trying to implement with REGEX, and that's often a bad idea, especially when the subject matter is the REQUEST_URI.  Can you please step back from the technical details and just tell us in plain language what you want to achieve?  There may be better ways to get to the end result.  

And in any case, the rules for URLs are not really quite as simple as you may think.  If you control the creation of the URLs, that is a good step in the right direction, but with REQUEST_URI your rules must also account for (or deliberately ignore) the request variables.

This article has some ideas about how to test the REGEX, but I still think that your business-rules explanation will get you a better approach.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_7830-A-Quick-Tour-of-Test-Driven-Development.html

<?php // RAY_temp_cc01.php
error_reporting(E_ALL);


// http://www.experts-exchange.com/Programming/Languages/Regular_Expressions/Q_28297813.html
// The REQUEST_URI string contains */clients/[a-zA-Z0-9].php*


// A REGULAR EXPRESSION
$rgx
= '#'           // REGEX DELIMITER
. '/clients/'   // EXPLICIT CHARACTER STRING
. '[A-Z0-9]'    // CHARACTER CLASS - LETTERS AND NUMBERS
. '{1,}'        // AT LEAST ONE CHARACTER
. '\.php'       // WITH A PHP SUFFIX
. '#'           // REGEX DELIMITER
. 'i'           // CASE-INSENSITIVE
;

// SOME TEST DATA
$uri = array
( '/clients/xyz.php?admin=1'
, '/clients/login.php?uid=ABC+OR+1+=+1'
, '/admin/clients/delete.php?id=23'
, 'clients.php'                                         // FAILS BECAUSE NO SLASH BEFORE CLIENTS
, '/clients/'                                           // FAILS BECAUSE NO .PHP
, '/clients/healthcare.gov/blunder/obamacare/fail.php'  // FAILS BECAUSE . AND SLASH NOT PERMITTED AFTER /CLIENTS/
, '/clients/images/index.php?q=gooseball'               // FAILS BECAUSE SLASH NOT PERMITTED AFTER /CLIENTS/
)
;

// TEST THE REGEX
echo '<pre>';
foreach ($uri as $str)
{
    echo PHP_EOL . $str;
    if (preg_match($rgx, $str))
    {
        echo " OK";
    }
    else
    {
        echo " FAIL";
    }
}

Open in new window

0
 

Author Closing Comment

by:cc01
ID: 39660923
Thank you for the solution that works and a detailed explanation as well as other advisories.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39660933
Thanks for the points and thanks for using EE, ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now