[RESOLVED] form validation

auddog

I have been using:

  //check for a order number
  if (empty($_POST['lname'])) {
      $errors[] = 'You forgot the first name.';
      }

to check to make sure that everyone is at least filling in the boxes, but I would like to validate the form to better protect my system. I have been trying:

if(!preg_match("/[^a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\]+$/s",$_POST['lname'])) {
      $errors[] = 'Invalid or blank first name.';
      }

but everything seems to fail. I am I missing something here.

NogDog

I think you have your "[" and "^" transposed at the start of the regex.

bradgrafelman

Actually, I would look at the pattern differently:

Instead of making sure the string matches that character class, why not check if any character doesn't match that class? In other words, leave the '^' inside the character class (to negate it) and get rid of the '+$' at the end.

NogDog

bradgrafelman wrote:
Actually, I would look at the pattern differently:

Instead of making sure the string matches that character class, why not check if any character doesn't match that class? In other words, leave the '^' inside the character class (to negate it) and get rid of the '+$' at the end.

Also remove the end-of-string anchor "$".

auddog

I changed my validation line to

//check for a first name
  if(!preg_match("/^[a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\ ]/", $_POST['fname'])) {
      $errors[] = 'Invalid or blank first name.';
      }

but now when I run the form I get an on every line telling me undefined variable. Did I setup the validation correctly? I think this is what you meant by - leave the '^' inside the character class (to negate it) and get rid of the '+$' at the end.

NogDog

The "^" character has two very different meanings in the regex, depending on where it is uses. At the very beginning (as in your past post) it "anchors" the following regex to the beginning of the string. (Likewise, "$" is the end-of-string anchor when it is the last character in the regex.) When it is the first character following the opening "[" of a character class, then it negates that class, meaning to match on any character that is not a member of that class. So your two options in this case are:

if(!preg_match('/^[a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\ ]$/', $_POST['fname'])) {
   // invalid first name
}
// ...or...
if(preg_match('/[^a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\ ]/', $_POST['fname'])) {
   // invalid first name
}

In the latter case, note that there is no start-of-string nor end-of-string anchor, and no negation "!" before the preg_match().

As far as the undefined variable, that has nothing to do with the regex. Probably you have a mismatch between the index name you are using for the $_POST array variable and the "name" attribute value assigned for it in the HTML form. Make sure that the spelling is exactly the same, including capitalization (e.g.: 'Fname', 'fName', and 'fname' are three different names).