Hi,
I need to allow the form user to fill out the form using alphanumeric characters only.
After reading what I could find, this is my first attempt to use preg_replace.
This works, but I need to make sure I am validating the user form input.
Have I missed anything?

<?php
$find = strip_tags(trim($_POST['find']));
$find = preg_replace("/[%|<|>|!|?|#|*|@|(|)]/", "", $find);
?>
Last Post by Puckdropper
Thanks for the response

I will use

preg_replace("/[^a-zA-Z0-9\s]+/", "", $find);
That better follows the security rule "Only allow what you want to allow, nothing else."

You may want to consider something along the lines of this UNTESTED regexp:
/\W+\s/

This matches one or more nonword characters and a whitespace character. If you have to watch for Unicode characters and foreign input this is the way to go.
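
Added example, not part of the original posts: the denylist from the question and the allowlist from the reply, run side by side on constructed inputs, next to a Unicode-aware allowlist and a check that rejects bad input instead of rewriting it. The function names, the 64-character limit and the sample strings are assumptions made for illustration.

```php
<?php
// Added example: function names, the 64-character limit and all sample
// inputs are constructed for illustration.

// Denylist from the question: removes only the characters listed.
function strip_denylist(string $s): string {
    return preg_replace('/[%|<|>|!|?|#|*|@|(|)]/', '', $s);
}

// Allowlist from the reply: keeps ASCII letters, digits and whitespace.
function strip_allowlist(string $s): string {
    return preg_replace('/[^a-zA-Z0-9\s]+/', '', $s);
}

// Unicode-aware allowlist (assumes UTF-8 input): letters, combining
// marks, digits and whitespace in any script.
function strip_allowlist_unicode(string $s): string {
    // With /u, preg_replace returns null when the subject is not valid UTF-8.
    return preg_replace('/[^\p{L}\p{M}\p{N}\s]+/u', '', $s) ?? '';
}

// Validation rather than rewriting: accept the value only if every
// character is allowed, otherwise reject it and re-prompt the user.
function is_valid_find(string $s): bool {
    return preg_match('/\A[a-zA-Z0-9 ]{1,64}\z/', $s) === 1;
}

// Constructed samples: plain text, quote/semicolon characters the denylist
// does not list, markup, accented text, and a byte that is not valid UTF-8.
$samples = ['hockey stick', 'a\'b"c;d=e', '<b>puck</b>', "caf\u{00E9} 2024", "bad\xFFbyte"];

foreach ($samples as $raw) {
    $find = strip_tags(trim($raw)); // same pre-processing as the question
    printf(
        "%s\n  denylist:  %s\n  allowlist: %s\n  unicode:   %s\n  valid:     %s\n",
        var_export($raw, true),
        var_export(strip_denylist($find), true),
        var_export(strip_allowlist($find), true),
        var_export(strip_allowlist_unicode($find), true),
        var_export(is_valid_find($raw), true)
    );
}
```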
