Hi
I need to allow the form user to fill out the form using alphanumeric characters only.
After reading what I could find, this is my first attempt to use preg_replace.
This works but I need to make sure I am validating the user form input.
Have I missed anything?

<?php
$find = strip_tags(trim($_POST['find']));
$find = preg_replace("/[%|<|>|!|?|#|*|@|(|)]/", "", $find);
?>

Sure, ~.

Perhaps a different solution would work better. Eliminate everything but A-Z, a-z, and 0-9...

Thanks for the response

I will use

preg_replace("/[^a-zA-Z0-9\s]+/", "", $find);

That better follows the security rule "Only allow what you want to allow, nothing else."

You may want to consider something along the lines of this UNTESTED regexp:
/\W+\s/

This matches one or more nonword characters and a whitespace character. If you have to watch for Unicode characters and foreign input this is the way to go.
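
The first two patterns posted in this thread, run side by side on constructed inputs; this is an added example and not part of any poster's reply. The helper `is_alnum_input()` and its 64-character limit are assumptions, included to show validation that rejects bad input instead of silently rewriting it.

```php
<?php
// Constructed sample inputs (not from the thread).
$samples = [
    "plain search 42",
    "tilde~ and \"quotes\" and 'apostrophes'",
    "pipe|semi;colon=equals",
    "line1\nline2\ttabbed",
    "café naïve",
];

// Patterns as posted in the thread.
$denylist  = "/[%|<|>|!|?|#|*|@|(|)]/"; // first attempt: removes only the listed characters
$allowlist = "/[^a-zA-Z0-9\s]+/";        // second attempt: removes everything not listed

// Assumption (hypothetical helper): reject instead of rewriting.
// \A and \z anchor the whole string; unlike $, \z does not tolerate a
// trailing newline. Only ASCII letters and digits separated by single
// spaces pass, so tabs and newlines (which \s would keep) are refused.
function is_alnum_input(string $s, int $maxLen = 64): bool
{
    return strlen($s) <= $maxLen
        && preg_match('/\A[a-zA-Z0-9]+(?: [a-zA-Z0-9]+)*\z/', $s) === 1;
}

foreach ($samples as $raw) {
    $in = strip_tags(trim($raw));
    // json_encode makes control characters and leftovers visible.
    printf("input     : %s\n", json_encode($in));
    printf("denylist  : %s\n", json_encode(preg_replace($denylist, "", $in)));
    printf("allowlist : %s\n", json_encode(preg_replace($allowlist, "", $in)));
    printf("accepted  : %s\n\n", is_alnum_input($in) ? "yes" : "no");
}
```

The denylist output still contains `~`, quotes, `;` and `=`, while the allowlist output keeps only letters, digits and whitespace, including the embedded newline and tab.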
