VERY IMPORTANT question about validation using php

sudhakararaog

i am using php in order to validate a form where users register. please help me to solve the following validations.

name can have spaces. ex= john smith
presently the validation i am using is if( $fname == "" || !eregi("^{[a-zA-Z_]+$",} $fname) )
i need the syntax which would accept a-zA-Z WITH A SPACE IN BETWEEN NAMES ex= john smith
text can have spaces and special characters ex= ref 100/abcd
presently the validation i am using is if( $depositnumber == "" || !eregi("^{[a-zA-Z0-9_]+$",} $depositnumber) )
i need the syntax which would accept a-zA-Z0-9 WITH A SPACE IN BETWEEN AND SPECIAL CHARACTERS ex= ref 100/abcd
spaces in numbers. ex= 123 4567
presently the validation i am using is if( $phonenumber == "" || !eregi("^[0-9]+$", $phonenumber) )
i need the syntax which would accept 0-9 WITH A SPACE IN BETWEEN ex= 123 4567
in case of [a-zA-Z0-9] if i remove the "" after 9 will it have a negative impact or is this a syntax due to which i

should i leave the "" as part of [a-zA-Z0-9]

using stripslashes() function
due to the above validation there is no way a user can enter special characters which could lead to sql injection. inspite of

this should i still use stripslashes to be on the safe side.

please provide the exact syntax for the above validations to works as specified for different scenarios.

thanks.

laserlight

1. name can have spaces. ex= john smith
presently the validation i am using is if( $fname == "" || !eregi("^[a-zA-Z]+$", $fname) )
i need the syntax which would accept a-zA-Z WITH A SPACE IN BETWEEN NAMES ex= john smith

I suggest that you use the PCRE functions instead. You probably could use something along these lines:

if (preg_match('/^[a-z_]+( [a-z_]+)*$/i', $fname))

2. text can have spaces and special characters ex= ref 100/abcd
presently the validation i am using is if( $depositnumber == "" || !eregi("^{[a-zA-Z0-9_]+$",} $depositnumber) )
i need the syntax which would accept a-zA-Z0-9 WITH A SPACE IN BETWEEN AND SPECIAL CHARACTERS ex= ref 100/abcd

spaces in numbers. ex= 123 4567
presently the validation i am using is if( $phonenumber == "" || !eregi("^[0-9]+$", $phonenumber) )
i need the syntax which would accept 0-9 WITH A SPACE IN BETWEEN ex= 123 4567

I have linked to the PHP manual's entry on PCRE. Check out the pattern syntax, refer to my example, and try and figure out solutions yourself.

4. in case of [a-zA-Z0-9] if i remove the "" after 9 will it have a negative impact or is this a syntax due to which i

should i leave the "" as part of [a-zA-Z0-9]

If you remove the underscore, the character class changes. What do you mean by "negative impact"?

5. using stripslashes() function
due to the above validation there is no way a user can enter special characters which could lead to sql injection. inspite of

this should i still use stripslashes to be on the safe side.

stripslashes() has nothing to do with stopping SQL injection. What you should use to stop SQL injection is the relevant SQL escaping mechanism, e.g., as a by product of prepared statements, or something like mysql_real_escape_string().