2

I am using preg_match for restrict the special characters in form post. Now I need to restrict some special characters only like %,$,#,* and I need to post like . How to possible to restrict some special characters only.

My code:

<?php $firstname=''; if(isset($_POST['submit'])) { $firstname=$_POST['firstname']; if(preg_match("/[^a-zA-Z0-9]+/", $firstname)) { echo 'Invalid Name'; } else { echo $firstname; } } ?> <html> <body> <form method="post"> <input type="text" name="firstname"/> <input type="submit" name="submit" value="Submit"/> </form> </body> </html>
Improve this question
2
  • 1
    Maybe this will help you. stackoverflow.com/a/14114419/466082 Commented Aug 13, 2014 at 8:33
  • I suggest allowing - as a character in firstnames.... haven't you every heard of Jean-Claude Van Damme? Though I can't think of any first names that contain numbers off the top of my head Commented Aug 13, 2014 at 8:38

2 Answers 2

Reset to default
3

You should use:

([%\$#\*]+)

to match those characters.

So in preg_match you should use:

if(preg_match("/([%\$#\*]+)/", $firstname)) { echo 'Invalid Name'; } else { echo $firstname; }
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

So, (^_^;) is a valid name?
@georg Of course not, but OP wanted only restrict selected characters
Look, your code is quite different from what the OP has, because he (correctly) whitelists, and you blacklist. Blacklisting never works.
3

Blacklisting (=enumerating invalid characters) is not an option in the unicode world. Consider for example, a "name" like this:

Ж☝ⓚƒ

You don't really want to blacklist all of these.

A whitelisting approach is, on the contrary, quite simple using the u mode and unicode properties:

var_dump(preg_match('/^[\p{L}\p{N}]+$/u', 'ßäßå')); // 1 var_dump(preg_match('/^[\p{L}\p{N}]+$/u', 'r2d2')); // 1 var_dump(preg_match('/^[\p{L}\p{N}]+$/u', 'w#t?')); // 0 var_dump(preg_match('/^[\p{L}\p{N}]+$/u', 'Ж☝ⓚƒ')); // 0

And since we're talking about validating real names, please read Falsehoods Programmers Believe About Names before you start complicating things.

Improve this answer

4 Comments

You could add some punctuations like ' or - for O'Connors or Jean-François
@M42: the linked article is quite helpful and entertaining - read it!
Sure, I've already read it, I just said it may have punctuation in name.
@M42: I understand. The thing is, if we start adding punctation, we should do this correctly (to disallow things like O'O'Connor) and then our assumptions about the structure will turn out wrong (they will do), and this is a never-ending story. There's no algorithm to validate every possible human name.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.