Expression help (preg_match)

sois

Hi,

I am beginning to validate user entered data. One thing I want to do is create a function that will only allow users to only enter [A-z], [0-9], spaces, carriage return, tab, comma, period, question and explanation mark. Anything other than that will get rejected.

Is this a good way to keep my site somewhat secure?
is this preg_match code set correctly?

$passedVariable = $_POST['passedVariable']
if (!preg_match('/^[a-zA-Z0-9 \n\,\r\t\.\?\!]{1,}$/', $passedVariable)) exit();

Is there anything unsafe about this?

Thanks!

NogDog

There is nothing specifically safe or unsafe about it -- it all depends upon the context in which it will be used. It may be too limiting for a text field where a user enters some sort of description that might need apostrophes or quotes for example, or perhaps extended characters to support non-English names. On the other hand, it might be insufficient for a value that would be used in an email header, since it allows "\r\n".

Ashley_Sheridan

I've written a useful function for validation which should do exactly what you want. http://www.ashleysheridan.co.uk/coding_php_validation.php

note to admins: I don't mean to plug this page so much, but I see so many people asking for validation help!

sois

Ashley Sheridan;10883361 wrote:
I've written a useful function for validation which should do exactly what you want. http://www.ashleysheridan.co.uk/coding_php_validation.php

note to admins: I don't mean to plug this page so much, but I see so many people asking for validation help!

Ashley, this is awesome, a much better alternative than reinventing the wheel. The links for download do not work, do you think you could email me a copy?

race_car_bed ATTTT yahoooooo.com

Ashley_Sheridan

Hi, Sorry, I fluffed up the filename when I uploaded it. It should work fine now. :-/