Using ord to validate input

[Leozack]

So I've got a rather clunky validation system which runs through each char of form input and only adds it to "keep-me" string if it matchs a list of assci values. This has worked fine for chars like this eg

$allowed=0;
$ascval = ord($thetext{$i});
if ($ascval == 126) { $allowed=1; }
...
if ($allowed == 1) { $newtext .= $thetext{$i}; 

This works for chars like these :

'"!$%^&*() -=_+[]{};:@#~ \|,<.>/?`

but when I got to these today they fail - they're supposed to be ord 128 & 163

€£

Why aren't they validating? Or is there a far superior system for validation? (I've not done AJAX, and my regexp is near nil)

_________________________________
Leozack

MakeUniverse($infinity,1,42);

 

[jpadie]

the characters are probably multi-byte strings rather than specific ascii entities.

regex is the way to go here. and I'd approach from the other side - work out the character you don't want and exclude those. look at regular-expressions.info for examples

 

[Leozack]

It appears they are indeed unicode though that throws me as I've not had to deal with that and I didn't think £ is for sure.

How could I approach from the other way as to what I don't want? I'musing this to basically make safe user input to be stored in mysql. Having to make it safe for html display and textbox display and occasionally get-url insertion is a pain, and I can't find any simple rules on how to make things safe for those various places (especially nto without /'s appearing around the place etc)

That site is awesome btw thanks for the link.

_________________________________
Leozack

MakeUniverse($infinity,1,42);

 

[Leozack]

Ok I rewrote the function to use preg_replace (or preg_match for email) - suggestions?

function Validate ($thetext,$format) {
	if ($format == "alnum") {
		return preg_replace(/[^a-z0-9]/i,'',$thetext);
	}
	if ($format == "al") {
		return preg_replace(/[^a-z]/i,'',$thetext);
	}
	if ($format == "num") {
		return preg_replace(/[^0-9]/,'',$thetext);
	}
	if ($format == "dec") {
		return preg_replace(/[^0-9.]/,'',$thetext);
	}
	if ($format == "text") {
		//return preg_replace(/^[[:alnum:]]i/,'',$thetext);
		return preg_replace(/[^\w \r\n$!"#%&'()*+\\,\-.\/:;<=>?@[\]_^`{|}~€£¥¬¦®©™]/,'',$thetext);
	}
	//	$!"#%&'()*+\,-./:;<=>?@[]^_`{|}~€£¥¬¦®©™	= allowed
	if ($format == "email") {
		if (preg_replace(/^([a-z0-9'\+_\-]+)(\.[a-z0-9'\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix,$thetext)) {
			return $thetext;
		} else {
			return "";
		}
	}
}

_________________________________
Leozack

MakeUniverse($infinity,1,42);

 

[feherke]

Hi

Ok I rewrote the function to use preg_replace (or preg_match for email) - suggestions?

You should read their documentation more carefully. Including the code samples.

In PHP there is are no regular expression literals. They are just strings. So you have to quote them.


Feherke.

 

[Leozack]

Yeah I already spotted the fact I forgot to stick ' on the ends

And I read most of

http://www.regular-expressions.info

the other day!

_________________________________
Leozack

MakeUniverse($infinity,1,42);

 

[Leozack]

and ps it didn't work right anyway not until I did this anyways

$string = '[^\w \r\n$!\"#%&';
$string .= "'()*+,-./:;<=>?@[]_^`{|}~€£¥¬¦®©™]";
return preg_replace('/'. preg_quote($string, '/') .'/','',$thetext);

my email one still uses this though

if (preg_match('/^([a-z0-9\'\+_\-]+)(\.[a-z0-9\'\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix',$thetext)) {
	return $thetext;
}

_________________________________
Leozack

MakeUniverse($infinity,1,42);