Help with preg match

I have recently moved my script off my test computer to my host filemanager. My preg match isn't working now. Here is the code I have for the preg match:

$UserName=mysql_real_escape_string(trim($UserName));
if(!preg_match('%^[a-z0-9]+$%i', $UserName))
{
die("Usernames must consist of numbers and letters only.");
}

$UserName=test I know that the value is there because I echoed it. This statement works on my old computer (test area), but now the program is dying and giving me the error message in the code. Is there something wrong with the way my php file is configured? Do I need to change that or is it the statement? Thanks!

 

Hi,

Did you get any error messages?
You can use ctype_allnum instead of regular expression.
Regards

 

No I don't get any error messages just that the username must consist of numbers and letters only, so just my message if the username is not composed of numbers and letters. I will look at the link you provided. Thanks

 

So after looking at it again I have realized that for some reason my statement $UserName=mysql_real_escape_string(trim($UserName)); is setting $UserName equal to nothing. So now I am more confused. Anyone know why that would be happening?

 

Did you make mysql connection before calling mysql_real_escape_string :

To get all possible errors, add:

error_reporting(E_ALL);
$UserName=mysql_real_escape_string(trim($UserName));

PHP:

There is no need to escape a-z0-9.

 

Yes, I do have a connection.

I added error_reporting(E_ALL); and got nothing.

I guess I can just use the data without escaping it then and just use preg match. Is that still going to be safe? I have some other forms where I just escape the data and not preg match it because I am allowing a lot of characters so I am not really sure what to do with those. Thanks for the help!

 

When you pass any characters into database, mysql_real_escape_string is required, but in this particular case you can trust preg_match/ctype_allnum functions.
Regards

 

i suggest use eregi

 

koko5 thank you. Om ji Kesgarwani I am using PHP 5 so I can't use eregi.

 

@WitneyM

I recommend you always escape all user submitted data before submitting it to db, even if it seems valid via preg_match. Your problem is your escpaing your $UserName and then checking it via preg_match but you have not added the backslash character in the allow list in your pattern, which is why it may not work...

Do this:

if(!preg_match('%^[a-z0-9]+$%i', $UserName))
{
echo "Username is Invalid!";
} else {
//proceed and escape username...
$UserName=mysql_real_escape_string(trim($UserName));
}

PHP:

@Om ji Kesharwani

eregi is deprecated theirfore use preg_match as an alternative, to those who still are using eregi simple replace eregi with preg_match and add delimiters to the start and end of the regular expressions such as /~PATTERN~/

 

Thank u danx10. I too use preg_match but sometimes i faced prob with preg_match which were solved through eregi. So i suggested eregi.