Hi there,

Maybe it's just me, but I found it very hard to find php tutorials which are able to explain things in plain English. That is, for now I cannot find any answer on Google as to how to allow the questionmark ? in a string with preg_match(). Nobody seem to have been dealing with it before. I also want to allow other common characters which are not part of potential SQL-injection attempts.

I have this line:

if(!preg_match("/^[0-9A-Za-zÆØÅæøå ?!,;:.-/]+$/",$string)) { ...

If I enter ? in the input field, preg_match() evaluates the character as non-valid.

How should I write the above preg_match() in order to allow the whitespace, ? ! , ; : . - and / characters.

Thanks very much in advance.

    Didn't work:

    if(!preg_match("/^[0-9A-Za-zÆØÅæøå \?\!,;:.-\/\"]+$/",$string)) { ...

    If I enter ? or ! or " in my input field, it is caught as non-valid.

    What am I missing still?

      have a look at preg_quote, it shows you a list of what you need to escape, your still missing a couple.

        Still not working 100%, but close...

        if(!preg_match("/^[0-9A-Za-zÆØÅæøå ,;-\?\!\.\:\"]+$/",$string)) { ...

        The / and " do not get through.

        I cannot figure out how to implemet the preg_quote on these two characters. How do I escape these ones?

          don't use / as your pattern boundary if you want it in the patten and use single quotes on the string id you want the double to be literal.

            Copenhagener;10933747 wrote:

            Still not working 100%, but close...

            if(!preg_match("/^[0-9A-Za-zÆØÅæøå ,;-\?\!\.\:\"]+$/",$string)) { ...

            The / and " do not get through.

            I cannot figure out how to implemet the preg_quote on these two characters. How do I escape these ones?

            A couple of things to note.. first, most metacharacters loose their meaning within a character class [...]. So characters like the dot and questionmark don't require escaping. The dash is potentially another story though...if it is not the very first or very last character in the character class, and it is not escaped, it will create a range. So in this case, you created a range from ; to ?

            So your pattern could be cleaned up a tad:

            if(!preg_match('#^[0-9a-zÆØÅæøå\s,;?!.:"/-]+$#i', $string)) { ...

            What I have done here is a couple of things:

            1) Used single quotes instead of double quotes outside the pattern.
            2) Changed the delimiters from / to #, that way, you won't have to escape the / inside the character class.
            3) Added the 'i' modifier after the closing delimiter. This makes things case insensitive, so it will match a-z and A-Z.
            4) placed the dash at the very end (thus no need to escape it, and it doesn't create a range).
            5) Unescaped stuff like ?, !, . etc...
            6) I added the character class shorthand \s instead of your literal space (\s represents all whitespace characters, like space, tab, newlines, carriage returns, etc..)

            Hopefully that all helps.

              Thank you for your replies.

              I have decided to allow the characters ´ and ` instead of double quote or single quote, because the regular quotes do not get through, even though all advise and logic is followed, and no matter how I try to implement them in the preg_match. Several others have reported the same problem, with similar suggestions which do not work, and never found the solution. And yes, I also tried using single quotes instead of double quotes in my php statement, but again to no avail. php bug here?

              Here is my final line of code, which is 100% tested and WORKING, using the alternative quotation marks instead of regular quotes, and added some more special characters:

              if(!preg_match("#^[0-9A-Za-zÆØÖÅæøöåÀàÉé\s,;.:?!´`\(\)/-]+$#", $string)) { . . .

              Thanks again.

                Write a Reply...