Regular Expression Pattern

brian15782

<?PHP
header("Cache-control: private, no-cache");

if (eregi("[A-Za-z0-9]{6,16}", $HTTP_POST_VARS['password']) AND eregi("[A-Za-z0-9]{6,16}", $HTTP_POST_VARS['username']))

{
$encrypted_password = md5($HTTP_POST_VARS['password']);
$TableName = "userdata";
$Link = mysql_connect("localhost", "root", "krobar");
$Query = "INSERT into $TableName values ('', '$HTTP_POST_VARS[username]', '$encrypted_password')";
mysql_db_query("users", $Query, $Link);

}

else {

print("NO");

}

It performs the DB Query even if more than 16 characters are entered in one of the fields.

I have looked over it several times and cannot find the problem any ideas?

yelvington

That's how it's supposed to work. Your regular expression matches a string of at least six and up to 16 alphanumeric characters anywhere in the input.

For example, it will return true on the following string:

%%%%%%%%%%abc333%%%%%%%

You're going to have to test the length of the input strings separately.

xblue

or you can use ^ and $ for beginning and end of the string, like this:

^{[A-Za-z0-9]{6,16}$}

(this means: begin of the string, immediately followed by 6 up to 16 letters, immediately followed by the end of the string)

Hope this helps,
xblue