Contact form issue-ereg/preg_match( )

1jjlun

Help!

Suppose I have a simple html contact form containing the usual several fields: name, email, ..., comment. Suppose I have a field named myfield into which the person filling out the form would place information which SHOULD ONLY BE numbers and letters (0-9, a-z, A-Z, and ONLY the symbols .-,?!()$%

I need the code containing a preg_match( ) type statement (I understand ereg is deprecated and will be gone in 6.0) which will only allow the numbers, letter, and symbols indicated above AND will stop form submission if violated. And, where do I put the code (just above or below the field, or above or below <form ... </form>. I am hoping it can be within the page containing the form or a php file which is "included" in the page containing the form, but not replacing the form processor I want to use (<form action="...).

I understand the preg_match( ) type statement for an email field will look differently than that a typical text field (called myfield above) because it will involve verifying the form of the email address as well as the characters in the email address. Right now my concern is the code which should dictate what characters should be allowed in a typical text field (please call it myfield).

I am hoping if someone will help me that they will include in the code the error statement which should appear if other than an allowed character is entered and an action to stop the form submission.

I know I'm asking for a lot. Thanks.--John

Weedpacket

1jjlun wrote:
AND will stop form submission if violated.

Well it can't do that because the form has to be submitted before the server can see it. You'll need to do that in JavaScript.

Of course, that still means that it has to be done on the server as well because you can't trust the browser to run the script.

/[-.,?!()$&#37;A-Za-z0-9]/

1jjlun

Thanks, Weedpacket for the clarification.

What I need to do is simply to restrict the input into a simple text field, call it myfield, by allowing only the characters -.,?!()$%A-Za-z0-9 as legitimate. Code AND where to palce it? Javascript is not good enough as you point out. I need a PHP solution, involving preg_match. I need a complete "snippet" { Thanks for /[-.,?!()$%A-Za-z0-9]/ but what exactly do I do with this and where does it go?}

<form method="POST" ... (more stuff)>
.
.
.
<p>myfield <input type="text" name="myfield" size="20"> </p>
.
.
.
<p><input type="submit" ... (more stuff)><input type="reset" ... (more stuff)></p>

</form>

Thanks.

johanafm

It goes two places: in the php script that handles the post request and also in a javascript served with the form. Also, you want to match start of line, one or more characters and end of line, so regepx should be:
/^{[-.,?!()$%A-Za-z0-9]+$/;}

In the form, you could add an onkeyup or onchange event for the actual input field to validate input either as it occurs or when the control loses focus with changed data, or you add an onsubmit event to the form to validate all data before the form is submitted.

Also, you will want to add a range for number of matches of the character class

I'm assuming <form onsubmit="return validate();" ...>

function validate() {
	var d = document;
	var o = d.getElementById('inputfield');
	// I added +$ to the regexp. At least one character, and end of the string after the last char.
	var re = /^[-.,?!()$%A-Za-z0-9]+$/;
	var fail = !re.test(o.value);
	if (fail) {
		//...
		return false;
	}
	return true;
}

And then pretty much the same thing on the server again.

$re = "/^[-.,?!()$%A-Za-z0-9]+$/";
if (preg_match($re, $_POST['inputfield') == 0) {
	// no match
}
else {
	// ok
}

1jjlun

Thanks, both of you for your responses.