Hi, I am trying to get a simple form done and I need to validate an input which stands for a title. This is the code I currently have:

PHP:

    if(!eregi('^[a-zA-Z0-9 ._-]+$',$_POST['editsite_4'])) { echo "some error"; }

It's working fine, but I would like to allow some more characters like: & * ] # ! [ : / I tried to add the characters there but always getting an error: but keep it secure because that variable will go to a database. Characters I don't want to allow: ' = " I am paying $5 for this simple code, you can reply directly to this thread if you wish and PM me your PayPal account.
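Code (markup):

    /([^=]*)/

Try that. BTW, eregi is deprecated. I suggest just use

PHP:

    // strpos() returns 0 when '=' is the first character, so compare with false explicitly
    if (strpos($string, '=') === false) {
        // valid
    }

Just use sanitation like this one: http://php.net/manual/en/function.addslashes.php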
I'm also using mysql_real_escape_string() before adding to the database. Should I also use the addslashes() function?
Code (markup):

    if (preg_match('@^[&\*#!:/a-zA-Z0-9 ._-]+$@', $title)) {
        // $title contains only whitelisted characters
    }

ChiChi's solution is poor because it only discounts the = character. It is better to use a whitelist regex as that way you can be confident with what characters are allowed. Have you seen the UTF-8 character set? There are THOUSANDS of characters, it's better to allow only a few than disallow one character. The reason you had out of range errors is that some of your allowed characters are special characters that have meaning within a regex. When you want to use the literal representation of that character (with no special meaning), you need to use the \ character before it to escape it so that the system understands what you mean.

PayPal
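As an added example, not part of any post in this thread: a whitelist check that covers every extra character asked for in the first post (& * ] # ! [ : /) and shows which of them need special handling inside a character class. The function name `is_valid_title` and the sample titles are constructed for illustration.

```php
<?php
// Added example: constructed names and sample data, not code from the thread.

function is_valid_title(string $title): bool
{
    // Inside a character class only a few characters are special:
    //   ]  closes the class        -> written as \]
    //   [  can open a POSIX class  -> written as \[ to stay unambiguous
    //   -  forms a range (a-z)     -> placed last so it is a literal hyphen
    // & * # ! : / . _ and space are literal inside the class as they are.
    // '~' is the delimiter, so '/' needs no escaping. The quote characters,
    // the equals sign and the backslash are not listed, so they are rejected.
    // \A and \z anchor to the real start and end of the string; a plain $
    // would also match just before a trailing newline.
    $pattern = '~\A[a-zA-Z0-9 ._&*#!:/\[\]-]+\z~';
    return preg_match($pattern, $title) === 1;
}

// Constructed sample titles mapped to the expected verdict.
$samples = [
    'My Site: News & Reviews [2011] #1!' => true,
    'docs/index_v2.0 *beta*'             => true,
    "O'Reilly"                           => false, // single quote
    'a=b'                                => false, // equals sign
    'say "hi"'                           => false, // double quote
    'back\\slash'                        => false, // backslash
    "Title\n"                            => false, // trailing newline
    ''                                   => false, // empty input
];

foreach ($samples as $title => $expected) {
    $ok = is_valid_title((string) $title);
    printf(
        "%-42s %-8s %s\n",
        json_encode($title),
        $ok ? 'accepted' : 'rejected',
        $ok === $expected ? '' : '<- unexpected'
    );
}
```

The whitelist only limits which characters reach the query; the value still goes to the database through escaping, as discussed above, or through a bound parameter.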