Could someone check these simple regex's for me please?

[JohnnyT]

Hi,

I'm really new to regex's and wondered if you could just double check these for me. The first two are working (appear to be) the last one isn't.

function check_only_alphabet($string) {
// THIS SHOULD ONLY ALLOW a-z, A-Z and spaces - it seems to be working
return preg_match('%[^a-zA-Z *]%', $string);
}

function check_legal_characters($string) {
// THIS SHOULD ONLY ALLOW EVERYTHING ABOVE PLUS 0-9 - it seems to be working
return preg_match('%[^a-zA-Z0-9 *]%', $string);
}

function check_legal_description($string) {
// THIS SHOULD ALLOW EVERYTHING FROM ABOVE AND '.,:; - IT DOESN'T ALLOW ' ANY IDEAS WHY NOT?
return preg_match("%[^a-zA-Z0-9\'.,:; *]%", $string);
}

Many thanks for any light you can shed on this

Cheers

John ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

i don't know why you are including the asterisk in the character class.

this code works for me as expected

<?php
$text[] = 'I am a test';
$text[] = 'I am a 2nd test';
$text[] = '3 & 5 make eight'; //fails due to &
$text[] = 'now \' I said don\'t do that!'; //fails due to !
$text[] = 'now \' I said don\'t do that'; 

$results = array('pass', 'pass', 'fail', 'fail','pass');

foreach ($text as $key=>$try){
	echo "<br/>$try should {$results[$key]} and the result is " . test($try);
}

function test($try){
	$pattern = '/[^a-zA-Z0-9\'.,:; ]/';
	if (preg_match($pattern, $try)){
		return 'fails';
	} else {
		return 'passes';
	}
}
?>

 

[JohnnyT]

It won't work.

I've tried:
("/[^a-zA-Z0-9\'.,:; ]/", $string)
("/[^a-zA-Z0-9'.,:; ]/", $string)
("%[^a-zA-Z0-9\'.,:; ]%", $string)
("%[^a-zA-Z0-9'.,:; ]%", $string)

It still fails when I enter a single '

Any ideas?

PS. I'm not sure what the asterisk was doing, I was under the impression it denoted that multiple characters could be used i.e. ^a* your allowed as many a's as you want?


I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

inside a character class an asterisk is just an asterisk.

as you can see from the above test code, the regex works fine for single quotes on my machine. so something is going wrong at your end. either the single quote is being transformed into a smart quote, there is some other pilot error going on or you have a buggy php installation.

any of your regex above should work. note that it may well not work if you are using this regex in ruby, perl etc. the implementations are slightly different.

 

[JohnnyT]

I take it that it wouldn't matter that you have ' either side of the expression and I have "

Also, that you have / and I have %

??

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

nope. for the % any delimiter is ok.
and for the quotes, so long as you escape the same quote mark if used within the string, it's fine. of course variables are not expanded within single quotes but that is not relevant here.

post all your code, most likely reason for failure is 95% pilot error!

 

[JohnnyT]

Here's the relevant parts of my code:

function check_legal_description($string) {

return preg_match("%[^a-zA-Z0-9\'.,:; ]%", $string);

}


if(check_legal_description($data['content'])) {
$message['error'] = 'Sorry, we only allow letters, punctuation and numbers in the description.';
break;
}

In this case $data['content'] is the contents of a textarea in a form.

I'm basically trying to stop someone trying to enter malicious code into the textarea...

Many thanks for your help (and patience) so far

John ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

give us an example of text that is failing on your machine.

 

[JohnnyT]

Anything with a ' in it.

It works with ;:., etc but not '

???

I don't make mistakes, I'm merely beta-testing life.

 

[JohnnyT]

I've had an epiphany!!!

I think the server will have magic quotes enabled which will automatically escape all apostrophes as they passed through either GET or POST.

So my regex won't allow a ' because it see's a \

I presume I can just change it to [^a-zA-Z0-9\\'.,:; ]

I'll try it tomorrow.... ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

that change will also allow the backslash to be in your charset. MUCH better is NEVER EVER to use magic quotes.

if you must use it, then undo the damage as quickly as possible with stripslashes().

 

[JohnnyT]

I was under the impression that magic quotes was a good thing... what's the problem with it?



I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

it's a terrible thing! it takes away control from the coder.

from php5 magic quotes has been turned off by default. from php6 it has been dropped altogether

have a read of the php authors' view on the subject!

http://fr2.php.net/magic_quotes

 

[JohnnyT]

Thanks for the heads up (and the link to the article.)

I'll bear it in mind.

I do tend to use stripslashes and addslashes anyway but will certainly make a point of it in future.

Many thanks for all your help

Cheers

John ;-)

I don't make mistakes, I'm merely beta-testing life.