无法将数据与PHP中的正则表达式匹配

Question

I have a written a piece of code which accepts an input from the user and inserts it into the Data Base. The HTML code is as follows:

<td align="center"><textarea class="txt" required=required rows="3" name="Xschool" cols="30"></textarea></td>

And I need to check the data whether is has any special symbols. I used Regular Expression for it and is as follows:

    $Xschool=$_POST['Xschool'];
    $pattern = '/[A-Z ]+$/';
$Xschool=strtoupper($Xschool);

if(!preg_match($pattern,$Xschool))
{
    echo "<pre>We are sorry. The X School ".$Xschool." is  invalid. Make sure your name contains no special symbols/numbers.</pre>";
    exit;
}

This code works correctly for many types of inputs but is not working for the input ST MARY'S . When a ' symbol is encountered the code doesn't work well. What should I do to overcome this? Please help me!! Thanks in advance.

Answer 1

Change the pattern so that it meets your needs. For that, you first need a very clear understanding about what your needs are. '/[AZ ]+$/' did not meet your needs; will '/[AZ\\' ]+$/' meet your needs? What about accents? What about characters outside latin-based alphabets? Answer these questions for yourself, then design a regular expression or other validation algorithm based on your answers.

Answer 2

There's something wrong with your basic understanding.

/[AZ ]+$/

will match any string that contains a line ending in AZ or space.

I suggest that you want:

if(preg_match('/[^A-Z ]/', $Xschool))
{
 ...
}

Which will match any string containing a char that is not AZ or space.

Answer 3

Simply include the ' in the match:

    $Xschool=$_POST['Xschool'];
    $pattern = "/[A-Z ']+$/";
$Xschool=strtoupper($Xschool);

if(!preg_match($pattern,$Xschool))
{
    echo "<pre>We are sorry. The X School ".$Xschool." is  invalid. Make sure your name contains no special symbols/numbers.</pre>";
    exit;
}

Answer 4

Try this Regular expressions.

[a-zA-Z0-9\'\s]{0,50}

this will allow small & capital character and 0 to 9 digit up to 50 name in length.

If you want to use only capital word then.

[A-Z\'\s]{0,50}

Answer 5

Try this

 $Xschool=$_POST['Xschool'];
$pattern = '/^[a-zA-Z][a-zA-Z ]*$/';
$Xschool=strtoupper($Xschool);

if(!preg_match($pattern,$Xschool))
{
    echo "<pre>We are sorry. The X School ".$Xschool." is  invalid. Make sure your name contains no special symbols/numbers.</pre>";
    exit;
}

Answer 6

Your pattern, /[AZ ]+$/ , does not include a starting anchor . That means when you try to match it against ST MARY'S , it matches the ending S and your code doesn't see any errors. Changing the pattern to /^[AZ ]+$/ will fix that problem.

However, based on your comments you have a much bigger problem - you are blindly passing user input to the SQL query without sanitizing it, which means you are vulnerable to SQL injection attacks . Learn the right way to defend against these attacks instead of coming up with misguided bandaids like this regex.

Answer 7

Another approach:

Replace all VALID characters, in your scenario the A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,SPACE and any other VALID character with nothing "". Then, if the remaining string has length > 0 that means some other INVALID character must exist.

<?php

    function isStringOnlyAZSPACE($the_string)
    {
        $valid_chars = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',' ');

        $the_string  = str_replace($valid_chars, "", $the_string);

        return (strlen($the_string)==0);
    }

    echo isStringOnlyAZSPACE("ST MARY'S")?"true":"false"; // FALSE

    echo isStringOnlyAZSPACE("ST MARYS")?"true":"false"; // TRUE

?>

see it in action here http://3v4l.org/GvVi6

i must also repeat the comment from @DCoder in your question "That is absolutely the wrong way to avoid SQL errors."