[RESOLVED] ereg

middleman666

leatherback wrote:
or..

if(! eregi("[a-z0-9_]", $string))
{
// something wrong
}

Sorry about posting new thread, its just I resolved the older one and didn't think it would be looked at. This forum could do with a 'Mark as Unresolved' button 🙂

I'm trying to make it so a username is only accepted if its made up of letters, numbers and underscores and nothing else.

When I enter just % it will say its an invalid character and when I enter Letters and or numbers it says its fine, but when I enter something like LEtters%09 it still validates as being fine.

How can I stop this happening?

Thanks

dagon

if (!eregi("[^A-Z0-9_]", $username))
    {
        echo "username OK";
    }
    else
    {
        echo "bad username!";
    }

Weedpacket

Wow, there are people who still use ereg()?! 🙂 (No, really; the developers are busy ditching it.)

In fact this could be done without regular expressions at all. One of many:

function validate_username($username)
{
    return trim($username, 'a..zA..Z0..9_')==0;
}

middleman666

Thanks for the replies.
I don't seem to be having much luck with this.

I tried the eregi method suggested and I still have the same problem so I gave the trim() method a go and that didn't seem to work either so now I'm wondering if all the coding that goes with username is somehow stoping it from working.

Heres all the validation for the username:

  if (!$_POST['username']) { 
    $error .= "<li>Please enter a username</li><br>";   

  }
  else if (strlen($_POST['username'])<6 || strlen($_POST['username']) >16) {
    $error .= "<li>Your username must be between 6 and 16 characters long</li><br>";     

  }
  else if (trim($_POST['username'], 'a..zA..Z0..9_')!=0) {
    $error .= "<li>Your username name should only have letters, numbers and or an underscore ( _ )</li><br>"; 
  }
  else {
    // check if username is unique 
    $result = mysql_query("select * from $TableName where username='$username'"); 
    if (mysql_num_rows($result)) {
      $error .= "<li>Sorry, that username has already been taken, please try another</li><br>";  

    }
  }

Am I doing something obviously wrong?

Thanks.

Weedpacket

In the first line you should be checking to see if $_POST['username'] is empty by using empty().

[man]trim/man doesn't return a number, it returns a string. That's a typo on my part. The idea is that if you trim all of the acceptable characters off an acceptable username, you won't have anything left.

But back to ereg(). Note that the manual recommends you use [man]preg_match[/man] these days (in fact, it's recommended that for a couple of years now).

Weedpacket

In the first line you should be checking to see if $_POST['username'] is empty by using empty().

But back to ereg(). Note that the manual recommends you use [man]preg_match[/man] these days (in fact, it's recommended that for a couple of years now).

Oh, and if you're just looking to see if a record exists, "Select count(*) from ...." will be a lot more efficient and will tell you how many records match.

middleman666

Weedpacket wrote:
In the first line you should be checking to see if $_POST['username'] is empty by using empty().

[man]trim/man doesn't return a number, it returns a string. That's a typo on my part. The idea is that if you trim all of the acceptable characters off an acceptable username, you won't have anything left.

But back to ereg(). Note that the manual recommends you use [man]preg_match[/man] these days (in fact, it's recommended that for a couple of years now).

Oh, and if you're just looking to see if a record exists, "Select count(*) from ...." will be a lot more efficient and will tell you how many records match.

Thanks for the reply.

I pretty sure I've got it working now and heres my code:

  if (!$_POST['username']) { 
    $error .= "<li>Please enter a username</li><br>";   

  }
  else if (strlen($_POST['username'])<6 || strlen($_POST['username']) >16) {
    $error .= "<li>Your username must be between 6 and 16 characters long</li><br>";     

  }
  else if (preg_match('/[^a-z0-9.-_]()/i', $_POST['username'])) {
    $error .= "<li>Your username can only be made up of letters, numbers, underscores, fullstops or hyphens</li><br>"; 
  }
  else {
    // check if username is unique 
    $result = mysql_query("select username from $TableName where username='$username'"); 
    if (mysql_num_rows($result)) {
      $error .= "<li>Sorry, that username has already been taken, please try another</li><br>";  

    }
  }

I have a few questions:
1. !$POST['username'] seems to do the same thing as !empty($POST['username'] ) but with fewer characters - what are the advantages of using empty() insted of just !?

I got the preg_match working, but to tell the truth, I don't get why its working without having a ! before the preg_match function - I thought by putting a ! before it would mean "if the source does not match the pattern then display error" but it seems to mean the oposite.
I've changed my select to select username - is this more efficient than select count()?

Thanks for your help.

Weedpacket

See the manual page on [man]empty[/man] for an explanation.
Because the pattern matches any character that is invalid; if it finds one it says "yes, the string has what I was looking for", and with the ! you turn the yes into a no.
Possibly, but it seems silly to go to all the effort of requesting data that you already have.

middleman666

Some people seem to have mixed opinions of wheather empty() is faster or not, but I've changed to empty() instead of !.
Cheers for clearing that up 🙂
Cheers again, I think i'll stick with select username for now.

Cheers for all your help!

leatherback

Weedpacket wrote:
Wow, there are people who still use ereg()?! 🙂 (No, really; the developers are busy ditching it.)

Hehe..

I generally avoid regexp, and have no real need for them, mostly. I do not think I have a single script that actually uses eregi. Was the first that came to mind for me

Weedpacket wrote:
In fact this could be done without regular expressions at all. One of many:
function validate_username($username)
{
    return trim($username, 'a..zA..Z0..9_')==0;
}

Nice, need to keep this in mind!

Weedpacket

Incidentally, I don't know if MySQL does this, but to test to see whether a matching record exists or not I usually prefer to write

Select Exists(Select 1 Where condition)

I get back a boolean (my dbms does support booleans) that's true if any records meet the condition (and the dbms doesn't waste time looking for all such records), and false if there isn't.

Installer

I've changed to empty() instead of !.

There is a enough of a difference so that they have different uses. Their return values are exactly complementary, but ! will cause a warning for an undefined variable while empty() won't.

middleman666

Installer wrote:
There is a enough of a difference so that they have different uses. Their return values are exactly complementary, but ! will cause a warning for an undefined variable while empty() won't.

Cheers, will keep that in mind in the future 🙂