[英]Unable to match data with regular Expressions in PHP
I have a written a piece of code which accepts an input from the user and inserts it into the Data Base. 我编写了一段代码,该代码接受用户的输入并将其插入数据库。 The HTML code is as follows: HTML代码如下:
<td align="center"><textarea class="txt" required=required rows="3" name="Xschool" cols="30"></textarea></td>
And I need to check the data whether is has any special symbols. 而且我需要检查数据是否有任何特殊符号。 I used Regular Expression for it and is as follows: 我为此使用了正则表达式,如下所示:
$Xschool=$_POST['Xschool'];
$pattern = '/[A-Z ]+$/';
$Xschool=strtoupper($Xschool);
if(!preg_match($pattern,$Xschool))
{
echo "<pre>We are sorry. The X School ".$Xschool." is invalid. Make sure your name contains no special symbols/numbers.</pre>";
exit;
}
This code works correctly for many types of inputs but is not working for the input ST MARY'S
. 此代码对许多类型的输入均正确工作,但对输入ST MARY'S
不起作用。 When a ' symbol is encountered the code doesn't work well. 遇到'符号时,代码无法正常运行。 What should I do to overcome this? 我该怎么做才能克服这个问题? Please help me!! 请帮我!! Thanks in advance. 提前致谢。
Change the pattern so that it meets your needs. 更改模式,使其满足您的需求。 For that, you first need a very clear understanding about what your needs are. 为此,您首先需要非常清楚地了解您的需求。 '/[AZ ]+$/'
did not meet your needs; '/[AZ ]+$/'
不符合您的需求; will '/[AZ\\' ]+$/'
meet your needs? '/[AZ\\' ]+$/'
可以满足您的需求? What about accents? 口音呢? What about characters outside latin-based alphabets? 拉丁字母以外的字符呢? Answer these questions for yourself, then design a regular expression or other validation algorithm based on your answers. 自己回答这些问题,然后根据您的答案设计正则表达式或其他验证算法。
There's something wrong with your basic understanding. 您的基本理解有误。
/[AZ ]+$/ / [AZ] + $ /
will match any string that contains a line ending in AZ or space. 将匹配包含以AZ或空格结尾的行的任何字符串。
I suggest that you want: 我建议您要:
if(preg_match('/[^A-Z ]/', $Xschool))
{
...
}
Which will match any string containing a char that is not AZ or space. 它将匹配任何包含非AZ或空格的字符的字符串。
Simply include the ' in the match: 只需在匹配项中添加':
$Xschool=$_POST['Xschool'];
$pattern = "/[A-Z ']+$/";
$Xschool=strtoupper($Xschool);
if(!preg_match($pattern,$Xschool))
{
echo "<pre>We are sorry. The X School ".$Xschool." is invalid. Make sure your name contains no special symbols/numbers.</pre>";
exit;
}
Try this Regular expressions. 试试这个正则表达式。
[a-zA-Z0-9\'\s]{0,50}
this will allow small & capital character and 0 to 9 digit up to 50 name in length. 这将允许使用小写和大写字母以及0到9位数字,最多50个名字。
If you want to use only capital word then. 如果您只想使用大写字母,那么。
[A-Z\'\s]{0,50}
Try this 尝试这个
$Xschool=$_POST['Xschool'];
$pattern = '/^[a-zA-Z][a-zA-Z ]*$/';
$Xschool=strtoupper($Xschool);
if(!preg_match($pattern,$Xschool))
{
echo "<pre>We are sorry. The X School ".$Xschool." is invalid. Make sure your name contains no special symbols/numbers.</pre>";
exit;
}
Your pattern, /[AZ ]+$/
, does not include a starting anchor . 您的模式/[AZ ]+$/
不包含起始锚点 。 That means when you try to match it against ST MARY'S
, it matches the ending S
and your code doesn't see any errors. 这意味着,当您尝试将其与ST MARY'S
匹配时,它将与结尾S
匹配,并且您的代码看不到任何错误。 Changing the pattern to /^[AZ ]+$/
will fix that problem. 将模式更改为/^[AZ ]+$/
将解决该问题。
However, based on your comments you have a much bigger problem - you are blindly passing user input to the SQL query without sanitizing it, which means you are vulnerable to SQL injection attacks . 但是,根据您的评论,您会遇到更大的问题-您在不清理用户输入的情况下盲目将用户输入传递给SQL查询,这意味着您容易受到 SQL注入攻击的攻击 。 Learn the right way to defend against these attacks instead of coming up with misguided bandaids like this regex. 学习防御这些攻击的正确方法,而不要提出像该正则表达式这样的被误导的创可贴。
Another approach: 另一种方法:
Replace all VALID characters, in your scenario the A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,SPACE and any other VALID character with nothing "". 替换所有VALID字符,在您的方案中,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U ,V,W,X,Y,Z,SPACE和任何其他无效字符,不带“”。 Then, if the remaining string has length > 0 that means some other INVALID character must exist. 然后,如果剩余字符串的长度> 0,则意味着必须存在其他一些INVALID字符。
<?php
function isStringOnlyAZSPACE($the_string)
{
$valid_chars = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',' ');
$the_string = str_replace($valid_chars, "", $the_string);
return (strlen($the_string)==0);
}
echo isStringOnlyAZSPACE("ST MARY'S")?"true":"false"; // FALSE
echo isStringOnlyAZSPACE("ST MARYS")?"true":"false"; // TRUE
?>
see it in action here http://3v4l.org/GvVi6 在此处查看其运行情况http://3v4l.org/GvVi6
i must also repeat the comment from @DCoder in your question "That is absolutely the wrong way to avoid SQL errors." 我还必须在您的问题中重复@DCoder的评论“这绝对是避免SQL错误的错误方法。”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.