Hi!!!

I need to check a form for illegal characters through a whitelist(list of allowed characters) with php. A function that could do this for me would be helpful...I can't find one on google...

I really have no idea how to do this....


thanks!!!!
~Kodiak

If the whitelist is entirely comprised of single characters, you can probably use

preg_replace( "[^#$%]", "", $stringToFilter );

to replace any occurrence of "#","$",or "%" with an empty string. Just put whatever characters you need to strip in there. If it's not a simple single character situation (i.e. you need to strip something like "<p>") then you'll have to go deeper into regex land to get there.

If the whitelist is entirely comprised of single characters, you can probably use

preg_replace( "[^#$%]", "", $stringToFilter );

to replace any occurrence of "#","$",or "%" with an empty string. Just put whatever characters you need to strip in there. If it's not a simple single character situation (i.e. you need to strip something like "<p>") then you'll have to go deeper into regex land to get there.

Actually, sorry, that pattern is bad, use this instead

preg_replace( "/[#$%]/", "", $stringToFilter );

(It was too late to edit the other post)

isn't there a way to make characters that are allowed(whitelist)
instead of characters that aren't allowed(blacklist)??

preg_replace( "/[^a-zA-Z0-9_]/", "", $stringToFilter );

i guess this could work for your case
replacing everything that is not char. or digit with whitespace

preg_replace( "/[^a-zA-Z0-9_]/", "", $stringToFilter );

i guess this could work for your case
replacing everything that is not char. or digit with whitespace

That was what I was getting at, but I see I dropped the "^" when I retyped my earlier expression. It should work fine as a single character mask.

well what u did was the black list thing
and what i did is white one
it may look the same
but it is not!

well what u did was the black list thing
and what i did is white one
it may look the same
but it is not!

Yes, I got it turned around, which I mentioned previously :)

Anyway, it does not matter. I posted to support that what you posted should work for him, he just needs to tune the pattern to include his acceptable characters :)

Blacklist - whitelist = same result.

i dont think so..!
it is widely known when validating the input that allowing only the accepted characters is more better than preventing the non-acceptable ones , if the user enters data in another language it for example it would be valid but it is not gonna make sense ...

Comments
good point

That's a good point. Since I only ever deal with English websites that's never been a concern for me.

This article has been dead for over six months. Start a new discussion instead.