带preg_match的字母数字模式php
[英]Alphanumeric pattern php with preg_match
问题描述
can somebody explain to me why this pattern is recognized as alphanumeric? 
有人可以向我解释为什么这种模式被识别为字母数字吗?
\\13\\13\\13\\13\\13\\13\\13\\13\\13234234\\3 \\ 13 \\ 13 \\ 13 \\ 13 \\ 13 \\ 13 \\ 13 \\ 13 \\ 13234234 \\ 3
Please see the image at this link enter link description here 请在此链接中查看图片,在此处输入链接说明
I wrote the code only to show you that it is recognized as alphanumeric 我编写代码只是为了向您展示它被识别为字母数字
EDIT 15.06.214 21:40 编辑15.06.214 21:40
I add some information I'm sorry i forgot. 我添加了一些信息,对不起,我忘记了。
The variables that you see are taken from an input form. 您看到的变量取自输入表单。 That's the code I used in order to make the information clean and ready to be inserted into the database. 那是我用来使信息整洁并准备插入数据库的代码。
PS: just for your information, the variable $errform is used later on to "trigger" the message of error on the page PS:仅供参考,稍后使用变量$ errform来“触发”页面上的错误消息
<?php
$username = $password = $fname = $lname = $mail = $id_dept = "";
$usernameERR = $passwordERR = $fnameERR = $lnameERR = $id_deptERR = "";
$errform = 2;
?>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = clean_data($_POST["username"]);
$password = clean_data($_POST["password"]);
$fname = clean_data($_POST["fname"]);
$lname = clean_data($_POST["lname"]);
$mail = clean_data($_POST["mail"]);
$id_dept = clean_data($_POST["id_dept"]);
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
$usernameERR = "Only letters and numbers allowed";
}
if (!preg_match("/^[a-zA-Z0-9]*$/", $password)) {
$passwordERR = "Only letters and numbers allowed";
}
if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
$fnameERR = "Only letters and white space allowed";
}
if (!preg_match("/^[a-zA-Z ]*$/", $lname)) {
$lnameERR = "Only letters and white space allowed";
}
}
function clean_data($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (isset($_POST['submit'])) {
if ((!preg_match("/^[a-zA-Z0-9]*$/", $username))
|| (!preg_match("/^[a-zA-Z0-9]*$/", $password))
|| (!preg_match("/^[a-zA-Z ]*$/", $fname))
|| (!preg_match("/^[a-zA-Z ]*$/", $lname))) {
$errform = 1;
} else {
$errform = 0;
$con = mysqli_connect($hostdb,$userdb,$passwdb,$dbTEST);
if (mysqli_connect_errno()) {
echo "Impossibile connettersi a MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = md5(mysqli_real_escape_string($con, $_POST['password']));
$fname = mysqli_real_escape_string($con, $_POST['fname']);
$lname = mysqli_real_escape_string($con, $_POST['lname']);
$mail = mysqli_real_escape_string($con, $_POST['mail']);
$id_dept = mysqli_real_escape_string($con, $_POST['id_dept']);
if (!mysqli_query($con, "INSERT INTO user (id_user, username, password, fname, lname, mail, id_dept) VALUES (NULL, '$username', '$password', '$fname', '$lname', '$mail', '$id_dept')")) {
die ("Error: " . mysqli_error($con));
}
mysqli_close($con);
}
}
?>
EDIT 15/06/2014 22:41 编辑15/06/2014 22:41
Ok, 好,
sorry everybody I understood the source of the problem. 对不起,每个人我都知道问题的根源。
What I was checking was 我正在检查的是
(preg_match("/^[a-zA-Z0-9]*$/", $username))
In my code, $username got this treatment 在我的代码中,$ username得到了这种处理
$username = clean_data($_POST["username"]);
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
$usernameERR = "Only letters and numbers allowed";
}
where 哪里
function clean_data($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
so when i post \\q\\q\\q\\q\\q\\q\\q\\q\\q this is stripped and become qqqqqqqqq 所以当我发布\\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q时,它被剥离并变成qqqqqqqqq
BUT, there are two problems. 但是,有两个问题。 First problems was that I was echoing this 第一个问题是我在回应这一点
echo "post username: " . $_POST["username"];
and comparing with this 并与此进行比较
echo "preg username " . preg_match("/^[a-zA-Z0-9]*$/", $username);
and it's clear that $_POST["username"] is not == to $username because this last one got the treatment of the clead_data function, while the POST not. 很明显,$ _POST [“ username”]不是==到$ username,因为最后一个对clead_data函数进行了处理,而POST则没有。
So when I was doing the preg_match, I was doing on $username = qqqqqqqqqqq (which is alphanumeric) while what i showed you was $_POST['username'] = \\q\\q\\q\\q\\q\\q\\q\\q\\q\\q\\q 因此,当我执行preg_match时,我正在执行$ username = qqqqqqqqqqq(字母数字),而我向您显示的是$ _POST ['username'] = \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q \\ q
The second problem was that i was sending to the database this 第二个问题是我将这个发送到数据库
$username = mysqli_real_escape_string($con, $_POST['username']);
while I should have sent this 虽然我应该发送这个
$username = mysqli_real_escape_string($con, $username);
So on the database was arriving the NON CLEANED data. 因此,数据库上已到达NON CLEANED数据。
2 个解决方案
解决方案1
1 2014-06-15 16:42:04
Beacause You allowed that if it contain AZ or az or 0-9 characters and this string contain 13... and this is character that is allowed in RegExp.( /^[a-zA-Z0-9]+&/ ) 由于您允许它包含AZ或az或0-9字符,并且此字符串包含13 ...,这是RegExp。( /^[a-zA-Z0-9]+&/ )允许的字符。
You can resolve it by following pattern: 您可以通过以下模式解决它:
username: 用户名:
/^[a-zA-Z]+[0-9_]*?[a-zA-Z]*?&/
name: 名称:
/^[a-zA-Z]+[ ]*?[a-zA-Z]&/
解决方案2
0 2014-06-15 18:03:23
I think that your backslashes are ignored because they are not seen as literal backslashes but like backslashes that escape the following character. 我认为您的反斜杠被忽略了,因为它们不被视为字面反斜杠,而是像反斜杠一样转义了以下字符。 Since the escaped characters have no special meaning for a php string, backslahes are simply ignored. 由于转义字符对php字符串没有特殊含义,因此后缀仅被忽略。 To obtain the expected behaviour, you can use addslashes before performing the tests. 为了获得预期的行为,你可以使用addslashes在进行测试之前。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.