Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    Jul 2009
    Posts
    187
    Thanks
    16
    Thanked 8 Times in 8 Posts

    Another Regex problem :/

    It seems to be right to me...But I am not an expert in regex

    PHP Code:
    if (!preg_match("/^[A-Za-z0-9_!&-.,]$/"$user)) {
        
    $results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");

    It shouldn't return the error above, but it does, even when I type something like "Hello"
    Last edited by Jazz914; 11-01-2009 at 11:45 PM.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    You need to escape special characters like -, . etc and add a + sign after the square bracket to indicate one or more occurrence. Try
    PHP Code:
     $user='Hello';
    if (!
    preg_match("/^[A-Za-z0-9_!&\-\.,]+$/"$user)) {
        echo 
    $results[] = ("Your username can only include these symbols: ! _ - & . , [ ]");

    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jul 2009
    Posts
    187
    Thanks
    16
    Thanked 8 Times in 8 Posts
    Thank you ^_^

    But I also want to add the possibility for square brackets to be included in the username, I tried this:

    Code:
    if (!preg_match("/^[A-Za-z0-9_!&\-\.,[\]]+$/", $user)) {
    But it didn't work

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    You need to escape [ as well.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Regular Coder
    Join Date
    Jul 2009
    Posts
    187
    Thanks
    16
    Thanked 8 Times in 8 Posts
    Like this?
    PHP Code:
        if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/"$user)) { 
    It still returns the error if the username contains the square brackets :S
    Last edited by Jazz914; 11-02-2009 at 01:37 PM.

  • #6
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    Quote Originally Posted by Jazz914 View Post
    Like this?
    PHP Code:
        if (!preg_match("/^[A-Za-z0-9_!&\-\.,\[\]]+$/"$user)) { 
    It still returns the error if the username contains the square brackets :S
    Works well for me
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #7
    Regular Coder
    Join Date
    Jul 2009
    Posts
    187
    Thanks
    16
    Thanked 8 Times in 8 Posts
    I figured out whats wrong but is it REALLY neccessary for me to have the following in code in a security object I made?

    PHP Code:
    $value escapeshellcmd($value); 
    Or will I be fine without it, its this which is getting rid of the square brackets and replacing them with spaces. I know what this does, i'm just wondering, is it a really easy vulnerability?
    Last edited by Jazz914; 11-02-2009 at 08:46 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •