Results 1 to 9 of 9
  1. #1
    Join Date
    Aug 2007
    Posts
    906

    PHP input validation (eregi)

    Can someone please explain eregi()?

    I know (well, I think so - it works anyway) that for numbers only it's [0-9] and for letters it's [a-z], but what if I want either numbers or letters, or both (i.e. for a username or something)? Also, how would I make sure it's a valid email, and how to make sure it's a valid domain. I've looked on Google and php.net but I found it quite complicated

    One more thing, is eregi even right for this (validating input data), or is there a better function?

    Thanks

  2. #2
    Join Date
    Aug 2003
    Location
    California, USA
    Posts
    582
    Here is my personal validator:

    validator.class.php
    PHP Code:
    <?php
    class validator
    {
        var 
    $email_regex;
        
        public function 
    __construct()
        {
            
    $this->email_regex="/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/";
        }

        public function 
    validateLength($string$minlength=5$maxlength=30)
        { 
            if (
    strlen($string) >= $minlength && strlen($string) <= $maxlength) return true;
            return 
    false;        
        }
        
        public function 
    validateEmail($email$minlength=7$maxlength=30)
        {
            if (!
    $this->matchRegex($this->email_regex$email) || !$this->validateLength($email$minlength$maxlength)) return false;
            return 
    true
        }
        
        public function 
    matchRegex($regex$string)
        {
            if (!
    preg_match($regex$string)) return false;
            return 
    true;           
        }    
    }
    ?>
    Here is a very, very simple procedural implementation of this code

    test.php
    PHP Code:
    <?php
    @require_once("validator.class.php"); // or you can copy paste the validator code into here
    if ($_POST)
    {
    $errors = array();
        
    $val = new validator;
        
        foreach (
    $_POST as $key => $value)
        {
            ${
    $key} = $value;
        }
        
        if (!
    $val->validateLength($name,3,200))
        {
            
    $errors[] = "Name is too short.";
        }
            if (!
    $val->validateEmail($email))
        {
            
    $errors[] = "Email is invalid.";
        }
        
        if (
    $errors)
        {
              
    showform($errors);
        } else {
            
    // form passed, do whatever with the data
        
    }
    } else {
    showform();
    }

    function 
    showform($errors=NULL)
    {
        if (
    $errors)
        {
            echo 
    "The following errors occured:";
            foreach (
    $errors as $error)
            {
                echo 
    "<br>" $error;
            }
        }
        echo 
    '<form method="post" action="' $_SERVER['PHP_SELF'] . '">';
        echo 
    'Name: <input type="text" name="name" value="' $_POST['name'] . '" /><br />';
        echo 
    'Email: <input type="text" name="email" value="' $_POST['email'] . '" /><br />';
        echo 
    '<input type="Submit" name="submit" value="submit" />';    
    }
    ?>


    ---
    --

    THE WATERED DOWN VERSION THAT YOU PROBABLY CARE ABOUT

    the function you are looking for is:
    PHP Code:
    <?php
    function checkEmail($email)
    {
        if (
    preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/"$email)) return true;
        return 
    false;
    }

    $email "no.me.gusta@mysubdomain.mydomain.com"// valid
    $email2 "fakeemail@nottrue"// invalid

    if (!checkemail($email))
    {
        echo 
    $email " is invalid";
    } else {
        echo 
    $email " is valid";
    }

    echo 
    "<br />";

    if (!
    checkemail($email2))
    {
        echo 
    $email2 " is invalid";
    } else 
    {
        echo 
    $email2 " is valid";
    }
    ?>
    Output:
    Code:
    no.me.gusta@mysubdomain.mydomain.com is valid
    fakeemail@nottrue is invalid

    Use preg_match, it's supposedly faster and it's what everyone uses.

    Sorry about the little lesson... also understanding how to match regex's is a ballpark of its own. I use that email regex and have yet to have an issue with it.

    Also one thing to note about regex's is limiting them TOO MUCH is a bad thing, as you will sometimes end up with wierd cases (such as somebody@musedoma.museum) (which is an actual TLD).

    The regex I use there is pretty flexible, but with that said emails like "me@myfake.tld" will work as well, but generally that isn't a big issue.
    Last edited by etogre; 03-19-2008 at 05:03 PM.

  3. #3
    Join Date
    Aug 2003
    Location
    California, USA
    Posts
    582
    Getting all ternary on it

    PHP Code:
    (!checkEmail($email2)) ? $errors[] = "Email is invalid." NULL

  4. #4
    Join Date
    Aug 2007
    Posts
    906
    Thanks for the explanation, but I still don't understand what this means

    PHP Code:
    "/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/" 
    =\

  5. #5
    Join Date
    Aug 2003
    Location
    California, USA
    Posts
    582
    It's not so much understanding what it means, it's understanding that it works

    It's a regular expression, that searches the string to make sure it has characters a-Z-0-9 and . -, then it makes sure it has a @, and then finally that it has a . somewhere in the last part.

    Regular expressions (regexes) are like a programming language of their own almost.

  6. #6
    Meta-characters

    The power of regular expressions comes from the ability to include alternatives and repetitions in the pattern. These are encoded in the pattern by the use of meta-characters, which do not stand for themselves but instead are interpreted in some special way.

    There are two different sets of meta-characters: those that are recognized anywhere in the pattern except within square brackets, and those that are recognized in square brackets.
    http://www.php.net/manual/en/referen...ern.syntax.php

  7. #7
    Join Date
    Aug 2007
    Posts
    906
    Would this be okay for a username/password? (Would it just allow a-z, A-Z and 0-9?)

    PHP Code:
    eregi('[a-zA-Z0-9]'$_POST['username'
    ?

  8. #8
    Join Date
    Aug 2003
    Location
    California, USA
    Posts
    582
    PHP Code:
    <?php
    function checkusername($str)
    {
        return (
    preg_match('|^[A-Z\d_-]{5,20}$|i'$str));
    }
    ?>
    "bad`u-ser'name" returns false
    "goodusername05" returns true

  9. #9
    Join Date
    Aug 2002
    Location
    Canada
    Posts
    667
    That may get tedious though, as you are assuming that your users really want to retype usernames until they get it right. To avoid that kind of attrition (possible!), I'd recommend cleaning it up to your satisfaction and telling the user that the username used differs from the one they typed.

    PHP Code:
    $username ereg_replace"[^[:alnum:]_]"""$username 
    Just a $0.02
    Alex
    circlical - hosting software development
    forums * blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •