Allow alphanumeric, punctuation, and spaces
I'm pretty new to regular expressions, and MAN do they give me a headache. They are so intimidating! For an email campaign I'm doing, a user will click a link out of the email with a few URL parameters filled in for them, to make filling out a form easier. I want to prevent any injection hacks or whatever it's called, but need to allow the $_GET parameters to be alphanumeric, have punctuation, and have spaces. If someone has a good method for this, I'd appreciate it, but right now I have:
foreach($_GET as $m=>$n) {
$get[$m] = preg_replace开发者_开发技巧('(^[a-z0-9 \-\_\.]+)i',' ',$n);
}
I would like to be able to replace all characters NOT found with this regular expression, which I believe I use ?!
, but I can't get that to work either. Any help in getting this to work would be appreciated!
You are missing delimiters and also you should put the +
out of the ending bracket ]
foreach($_GET as $m=>$n) {
$get[$m] = preg_replace("/[^a-zA-Z0-9 \-\_\.]+/"," ",$n);
}
Or:
foreach($_GET as $m=>$n) {
$get[$m] = preg_replace("#[^a-zA-Z0-9 \-\_\.]+#"," ",$n);
}
The ^
character lives within the square brackets. So your code should be:
$get[$m] = preg_replace('([^a-z0-9 \-\_\.]+)i',' ',$n);
精彩评论