Regular Expression Validation Puzzle

Report · Mar 09, 2008

Simple validation of a incomming contact name ..

$contact_name = trim($_POST['contact_name']);
if (!ereg("^([a-zA-Z \'-]+){5,10}$", $contact_name))
{ $errors [] = 'Enter valid contact name'; }

As you can see the name must be u/l case alpha or space, apostophe or hyphen (I think that is all a name can be) and must be at least 5 chars and no more than 10 (just testing).

The character validation seems ok and it picks up when there is less that 5 chars, but the max parameters doesn't seem to work at all - any ideas?

PS. Is there a routine that strips out more than one space between words, e.g if someone entered 'John Smith', it would return 'John Smith'?,
Thanks.

Report · Mar 09, 2008

patricktr wrote:
> The character validation seems ok and it picks up when there is less that 5
> chars, but the max parameters doesn't seem to work at all - any ideas?

The problem is the +. Also, you should stop using ereg, as it is being
removed from PHP 6. Use the PCRE functions instead.

> PS. Is there a routine that strips out more than one space between words, e.g
> if someone entered 'John Smith', it would return 'John Smith'?,

This will do the validation for you, and strip out extra whitespace at
the same time:

$name = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
if (!preg_match("/^[-a-z'\s]{5,10}$/i", $name)) {
$errors[] = 'Enter valid contact name';
}

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Mar 09, 2008

Hi David,

Thanks very much for taking the time to respond and thanks for the tip re. ereg - I'll make a point of using preg from now on and yes the max feature is now working. However you're testing repeatedly, it goes into a state where it always reports an error - e.g.'Enter valid contact name: Jo O\'Kane' (the '\' character is added by the system - see below) ?

I thought I'd twigged my own problem re. removing extra spaces when I came across using 'explode' & 'implode' but your solution is much neater.

Would you mind explaining what is happening here as it is not obvious (to me anyway) as I would like to be able to use this technique again but I can't understand the statements although obviously I can see what they are doing.

PS. I the interim period I raised another query about the recording names with an apostrophe (e.g. O'Reilly) in a db.... basically it looks as if the name will be recorded as O\'Reilly ... any thoughts?

I'm now using this code based on what you sent me previously ...

$errors = array();
$val_cn = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
if (!preg_match("/^[-a-z'\s]{5,10}$/i", $val_cn)) {
$val_cn = stripslashes($val_cn);
$val_cn = mysql_real_escape_string($val_cn);
$cn_html = htmlentities($val_cn);
{ $errors [] = 'Enter valid contact name: ' . $val_cn . ' ' . $cn_html; } }

will yeild 'O\'Reilly'

Thanks again - great stuff.
Patrick

Report · Mar 09, 2008

patricktr wrote:
> I raised another query about the recording names with
> an apostrophe (e.g. O'Reilly) in a db.... basically it looks as if the name
> will be recorded as O\'Reilly ... any thoughts?

Your server is using magic quotes, which is another feature that will be
removed entirely from PHP 6.

Either turn off magic quotes, or if it's something imposed by your
hosting company, use one of the techniques shown here:

http://docs.php.net/manual/en/security.magicquotes.disabling.php

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Mar 10, 2008

Once again, many thanks David.

Report · Mar 10, 2008

Hi David,

I have tried this and I am still getting an unexpectred error:
Joe O'Kane appears on my error message as invalid - Joe O\'Kane (11 Characters) whilst
Joe O-Kane appears as valid Joe O-Kane (10 Chars)?

I have tried both suggested scripts - my code is ...

$errors = array();
if (get_magic_quotes_gpc())
{ function undoMagicQuotes($array, $topLevel=true)
{ $newArray = array();
foreach($array as $key => $value)
{ if (!$topLevel) { $key = stripslashes($key); }
if (is_array($value)) {$newArray[$key] = undoMagicQuotes($value, false); }
else { $newArray[$key] = stripslashes($value); }
}
return $newArray;
}
$_GET = undoMagicQuotes($_GET);
$_POST = undoMagicQuotes($_POST);
$_COOKIE = undoMagicQuotes($_COOKIE);
$_REQUEST = undoMagicQuotes($_REQUEST);
}

//if (get_magic_quotes_gpc())
//{function stripslashes_deep($value)
//{ $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
//return $value; }
//$_POST = array_map('stripslashes_deep', $_POST); }

$val_cn = trim(preg_replace('/\s+/', ' ', $_POST['contact_name']));
$val_cn = mysql_real_escape_string($val_cn); // Just want to see the effect of this function
$cn_html = htmlentities($val_cn); // Just want to see the effect of this function

if (!preg_match("/^[-a-z'\s]{5,10}$/i", $val_cn))
{ $errors [] = 'Invalid contact name: ' . $val_cn . ' ' . $cn_html; }
else
{ $errors [] = 'Valid contact name: ' . $val_cn . ' ' . $cn_html; }

if (sizeof($errors) > 0)
// format and display error list
{ echo "<p class=\"val_err\"> Contact format error.</p>";
echo "<div class=\"val_err\"><ul>";
foreach ($errors as $e)
{ echo "<li>$e</li>"; }
echo "</div></ul>"; }

Any help much appreciated.
Regards.
Patrick

Report · Mar 10, 2008

patricktr wrote:
> $val_cn = mysql_real_escape_string($val_cn);

That line reinserts the backslash. You need to run the preg_match error
test *before* applying mysql_real_escape_string().

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Mar 11, 2008

Check ... got it this time ... I think .... until the next time.
Adiós Amigo
P.