Results 1 to 9 of 9
Thread: PHP input validation (eregi)
-
03-19-2008, 04:22 PM #1Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 906
PHP input validation (eregi)
Can someone please explain eregi()?
I know (well, I think so - it works anyway) that for numbers only it's [0-9] and for letters it's [a-z], but what if I want either numbers or letters, or both (i.e. for a username or something)? Also, how would I make sure it's a valid email, and how to make sure it's a valid domain. I've looked on Google and php.net but I found it quite complicated
One more thing, is eregi even right for this (validating input data), or is there a better function?
Thanks
-
03-19-2008, 04:53 PM #2Web Hosting Master
- Join Date
- Aug 2003
- Location
- California, USA
- Posts
- 582
Here is my personal validator:
validator.class.php
PHP Code:<?php
class validator
{
var $email_regex;
public function __construct()
{
$this->email_regex="/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/";
}
public function validateLength($string, $minlength=5, $maxlength=30)
{
if (strlen($string) >= $minlength && strlen($string) <= $maxlength) return true;
return false;
}
public function validateEmail($email, $minlength=7, $maxlength=30)
{
if (!$this->matchRegex($this->email_regex, $email) || !$this->validateLength($email, $minlength, $maxlength)) return false;
return true;
}
public function matchRegex($regex, $string)
{
if (!preg_match($regex, $string)) return false;
return true;
}
}
?>
test.php
PHP Code:<?php
@require_once("validator.class.php"); // or you can copy paste the validator code into here
if ($_POST)
{
$errors = array();
$val = new validator;
foreach ($_POST as $key => $value)
{
${$key} = $value;
}
if (!$val->validateLength($name,3,200))
{
$errors[] = "Name is too short.";
}
if (!$val->validateEmail($email))
{
$errors[] = "Email is invalid.";
}
if ($errors)
{
showform($errors);
} else {
// form passed, do whatever with the data
}
} else {
showform();
}
function showform($errors=NULL)
{
if ($errors)
{
echo "The following errors occured:";
foreach ($errors as $error)
{
echo "<br>" . $error;
}
}
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
echo 'Name: <input type="text" name="name" value="' . $_POST['name'] . '" /><br />';
echo 'Email: <input type="text" name="email" value="' . $_POST['email'] . '" /><br />';
echo '<input type="Submit" name="submit" value="submit" />';
}
?>
---
--
THE WATERED DOWN VERSION THAT YOU PROBABLY CARE ABOUT
the function you are looking for is:
PHP Code:<?php
function checkEmail($email)
{
if (preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $email)) return true;
return false;
}
$email = "no.me.gusta@mysubdomain.mydomain.com"; // valid
$email2 = "fakeemail@nottrue"; // invalid
if (!checkemail($email))
{
echo $email . " is invalid";
} else {
echo $email . " is valid";
}
echo "<br />";
if (!checkemail($email2))
{
echo $email2 . " is invalid";
} else
{
echo $email2 . " is valid";
}
?>
Code:no.me.gusta@mysubdomain.mydomain.com is valid fakeemail@nottrue is invalid
Use preg_match, it's supposedly faster and it's what everyone uses.
Sorry about the little lesson... also understanding how to match regex's is a ballpark of its own. I use that email regex and have yet to have an issue with it.
Also one thing to note about regex's is limiting them TOO MUCH is a bad thing, as you will sometimes end up with wierd cases (such as somebody@musedoma.museum) (which is an actual TLD).
The regex I use there is pretty flexible, but with that said emails like "me@myfake.tld" will work as well, but generally that isn't a big issue.Last edited by etogre; 03-19-2008 at 05:03 PM.
-
03-19-2008, 07:00 PM #3Web Hosting Master
- Join Date
- Aug 2003
- Location
- California, USA
- Posts
- 582
Getting all ternary on it
PHP Code:(!checkEmail($email2)) ? $errors[] = "Email is invalid." : NULL;
-
03-20-2008, 11:09 AM #4Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 906
Thanks for the explanation, but I still don't understand what this means
PHP Code:"/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/"
-
03-20-2008, 12:06 PM #5Web Hosting Master
- Join Date
- Aug 2003
- Location
- California, USA
- Posts
- 582
It's not so much understanding what it means, it's understanding that it works
It's a regular expression, that searches the string to make sure it has characters a-Z-0-9 and . -, then it makes sure it has a @, and then finally that it has a . somewhere in the last part.
Regular expressions (regexes) are like a programming language of their own almost.
-
03-20-2008, 04:16 PM #6Web Hosting Guru
- Join Date
- Nov 2003
- Posts
- 297
Meta-characters
The power of regular expressions comes from the ability to include alternatives and repetitions in the pattern. These are encoded in the pattern by the use of meta-characters, which do not stand for themselves but instead are interpreted in some special way.
There are two different sets of meta-characters: those that are recognized anywhere in the pattern except within square brackets, and those that are recognized in square brackets.
-
03-20-2008, 07:01 PM #7Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 906
Would this be okay for a username/password? (Would it just allow a-z, A-Z and 0-9?)
PHP Code:eregi('[a-zA-Z0-9]', $_POST['username']
-
03-20-2008, 07:35 PM #8Web Hosting Master
- Join Date
- Aug 2003
- Location
- California, USA
- Posts
- 582
PHP Code:<?php
function checkusername($str)
{
return (preg_match('|^[A-Z\d_-]{5,20}$|i', $str));
}
?>
"goodusername05" returns true
-
03-20-2008, 09:48 PM #9Web Hosting Master
- Join Date
- Aug 2002
- Location
- Canada
- Posts
- 667
That may get tedious though, as you are assuming that your users really want to retype usernames until they get it right. To avoid that kind of attrition (possible!), I'd recommend cleaning it up to your satisfaction and telling the user that the username used differs from the one they typed.
PHP Code:$username = ereg_replace( "[^[:alnum:]_]", "", $username )
Alex