
Only These Allowed!

I have been searching around and have not really found what I need. I have an input form and I only want the user to be able to input sentence structure type messages. I know you can use this to allow only letters and numbers:

[code=php]if (!ereg("^[A-Za-z0-9]$",$message)){
    echo "You must enter a valid message!";
}[/code]

I also need to allow such things as periods, commas, question marks, etc… Really anything that you would possibly use in a sentence but not allow any html or php tags or any other types. So basically all they should be able to type in the message box is a normal English sentence and not any code and what not. I’m sure it’s possible but I can’t find it! I have searched through php.net and couldn’t find it! I hope someone can help. Thanks.


13 Comments(s)

@shimon Mar 19.2004 — I can see two approaches: you can add any characters that you wish to _allow_ in the regex there (but note you'll need to escape some, as many characters have special meaning to a regex). So to allow full-stops and commas and question marks:

[code=php]
if (!ereg("^[A-Za-z0-9\.,\?]$",$message)){
    echo "You must enter a valid message!";
}[/code]


I won't add the lot but you can see how that works.

The other, and maybe better solution is simply to run [URL=http://www.php.net/strip_tags]strip_tags()[/URL] on the input. That will just remove any code (except for tags you may wish to allow), and you can assume it is safe without any need for checking.

I suppose if you _really_ want to present an error message you could do:

[code=php]
if ($string != strip_tags($string)) {
//echo error message
}
[/code]


but I don't think I would bother

@Jick (author) Mar 19.2004 — I have tried adding more to the regex but one thing I noticed is using the regex way it does not allow spaces. When I add a space to the regex it then will allow them to input messages with just spaces which is not what I want obviously! So I don't know.

@shimon Mar 19.2004 — Yep, of course, you would need to allow whitespace too:

[code=php]if (!ereg("^[A-Za-z0-9\.,\?\s]$",$message)){[/code]

or perhaps just a space:

[code=php]if (!ereg("^[A-Za-z0-9\.,\?\ ]$",$message)){[/code]

I'm sure there's others - I didn't pretend that was the whole list, only you can decide on that, it's your script

@Jick (author) Mar 19.2004 — What I was saying was that when I allow whitespaces it enables users to enter completely whitespace messages or in other words blank messages. I was asking how to prevent that! Is it possible to do with the regex? I need to allow whitespace but at the same time I can't allow total whitespace messages cause then it would screw it up!

@shimon Mar 19.2004 — Ahhhhh yes, I see exactly what you mean, sorry I misread that. How 'bout:

[code=php]
//remove trailing and leading whitespace
$message = trim($_POST['message']);

//check string still exists
if (!strlen($message)) {
    $errors[] = "Please enter a message";

//check valid
} elseif (!ereg("^[A-Za-z0-9\.,\?\s]$",$message)) {
    $errors[] = "Please enter a valid message (no code)";
}
[/code]


something like that...

@pyro Mar 19.2004 — shimon, for your knowledge, inside of a character set, neither the . nor the ? need to be escaped.

Further, the regexp should have a + sign after the character set. Otherwise any text string longer than one character will cause it to log an error. Finally, since you use the + (1 or more) you can remove the strlen check altogether.

@Jick (author) Mar 19.2004 — Thanks guys! I figured it out. I have one other question. I know that this function includes a string max length and min length:

[code=php]if (!ereg("^[A-Za-z0-9]{3,15}$",$message)){
    echo "You must enter a valid message!";
}[/code]

Is there a function that does that all by itself! I just need a function that will make sure it's longer than the defined min length and shorter than the defined max length. Thanks.

@Jick (author) Mar 19.2004 — Ok, I got this:

[code=php]if(strlen($myvar) > 225){
    echo "It can only be 225 characters long.";
}[/code]

That sets the max length I believe but how do I add to that to add a min length? I couldn't really see anything about that there.

@pyro Mar 19.2004 — [code=php]if (strlen($message) < 3 || strlen($message) > 255) {[/code]

@shimon Mar 19.2004 — [QUOTE][i]Originally posted by pyro[/i]

[B]shimon, for your knowledge, inside of a character set, neither the . nor the ? need to be escaped.

Further, the regexp should have a + sign after the character set. Otherwise any text string longer than one character will cause it to log an error. Finally, since you use the + (1 or more) you can remove the strlen check altogether.[/B]
[/QUOTE]



true, true. thanks - I should have spotted that

/slaps self on head

@The_Cheat Mar 19.2004 — if I was you I would do the following:

  1. [URL=http://us4.php.net/trim]trim()[/URL] the data before it gets sent to the database (trimming it will remove any extra spaces before and after the inputted message).

  2. I would use strlen to make sure that it's less than 255 chars but greater than 3 chars in length.

  3. When the data is being retrieved from the database I would run it through the [URL=http://us2.php.net/htmlspecialchars]htmlspecialchars()[/URL] function. This will automatically escape all <> etc... Which will make it impossible to run scripts and use html markup successfully.

my 2 cents.

@Jick (author) Mar 20.2004 — Ok, I got it all working now, thanks! I now just need to figure out the strlength thing cause I tried it and it didn't work. Hmm...
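
An added example, not code from any poster in the thread: the pieces discussed above (pyro's `+` quantifier and 3 to 255 length check, trim(), and htmlspecialchars() on output) combined into one runnable script. It uses preg_match() because ereg() was removed in PHP 7; the function names, the allowed punctuation set and the sample inputs are assumptions made for the example.

```php
<?php
// Added example: allow-list validation on input, encoding on output.
// preg_match() stands in for ereg(), which PHP 7 removed.
const MIN_LEN = 3;   // length bounds taken from the thread
const MAX_LEN = 255;

// Returns a list of errors; an empty list means the message is accepted.
// validate_message() is a name made up for this example.
function validate_message(string $raw): array
{
    $message = trim($raw);        // a whitespace-only message becomes ''
    $length  = strlen($message);  // byte count is fine: the allow-list is ASCII

    if ($length < MIN_LEN || $length > MAX_LEN) {
        return ['Message must be ' . MIN_LEN . ' to ' . MAX_LEN . ' characters.'];
    }
    // '+' makes the class cover the whole string instead of one character.
    // '.' and '?' need no escaping inside []. \A and \z are strict anchors;
    // '$' would also match just before a final newline.
    if (!preg_match('/\A[A-Za-z0-9.,?!\'" -]+\z/', $message)) {
        return ['Please enter a valid message (no code).'];
    }
    return [];
}

// Encode at output time so stored text is never parsed as markup.
// ENT_QUOTES matters because the allow-list above admits ' and ".
function render_message(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'Hello, is anyone there?',
    '     ',
    'ok',
    'She said "it\'s fine" - really!',
    '<script>alert(1)</script>',
    "Looks fine.\n<b>bold</b>",
];

foreach ($samples as $input) {
    $errors = validate_message($input);
    $status = $errors ? 'REJECT: ' . $errors[0] : 'ACCEPT';
    // The report line echoes user input, so it is encoded as well.
    echo $status, ' | ', render_message(trim($input)), PHP_EOL;
}
```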