Problem in using single quotes with preg_match and filter_var() functions together
Question
I have run into a problem with filter_var(), preg_match(), and single quotes.
I am trying to sanitize and validate the last name for illegal characters. It works with almost everything but apparently last names containing single quotes like O'Corner are resulting in error.
I mean the $errors[] = 'Please use only alphabets, period, dash and spaces in the last name.'; is executing whenever I use single quotes in the user input field.
HTML code:
<input type="text" class="form-control" name="last_name" id="last_name" placeholder="Enter last name" maxlength="40" required value="<?php if (isset($_POST['last_name'])) { echo htmlspecialchars($_POST['last_name'], ENT_QUOTES); } ?>" title="Alphabets, quotes, dash, spaces and max 40 characters" pattern="^[a-zA-Z][a-zA-Z' -]*$">
PHP code:
$lname = filter_var($_POST['last_name'], FILTER_SANITIZE_STRING);
if (!empty($lname)) {
if (!preg_match("/^[a-zA-Z][a-zA-Z' -]*$/", $lname)) {
$errors[] = 'Please use only alphabets, period, dash and spaces in last name.';
} else if (strlen($lname) > 40) {
$errors[] = 'last name should not exceed 40 characters';
} else {
$lname = trim($lname);
}
} else {
$errors[] = 'Please enter your last name.';
}
I tried escaping the single quotes in the regular expression with backslash. But that did not work.
If I replace$lname = filter_var($_POST['last_name'], FILTER_SANITIZE_STRING);
with$lname = $_POST['lname'];
it works fine.
But I'm still not sure what's wrong with using string containing single quotes and $lname = filter_var($_POST['last_name'], FILTER_SANITIZE_STRING); with preg_match() method.
Could anyone help me?
Thank you in advance.
1 answers
solution1
0 ACCPTED 2020-07-31 06:15:05
Your problem is coming from the fact the specific call to the filter_var function is encoding the single quote ' into the html entity '
If you print the $lname variable in the browser, it will render as a regular single quote but in it's source it will not be a quote but the mentioned html entity.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.