PHP String Doesn't Allow < and > Characters

PHP: Check that a string doesn't contain any special characters but periods

I use the PHP filter to check if a domain name or host is valid. Not sure if it does everything you need:

filter_var($urlToFilter, FILTER_VALIDATE_URL) !== false)

How to check if a string contains certain characters

There is bad logic, you can't use in_array for testing whole string against array of disallowed characters. Use foreach instead.

<?php

$strings = [
    'Good string.',
    'Bad : string.'
];

$disallowedChars = array('\\', '/', ':', '*', '?', '"', '<', '>', '|');

// this foreach is just for looping over two strings
foreach ($strings as $str) {
    $clean = false;

    // here is the main point of your question, loop over all disallowed chars and check if char is in string (strpos)
    foreach ($disallowedChars as $dis) {
        if (strpos($str, $dis) !== FALSE) {
            $clean = true;
        }   
    }

    echo $clean ? 'String is OK' : 'String contain bad chars';
    echo '<br>';
    
    // for 'Good string.' returns 'String is OK'
    // for 'Bad : string.' returns 'String contain bad chars'
}

How do I check if a string is composed only of letters and numbers? (PHP)

You can use the ctype_alnum() function in PHP.

From the manual..

Check for alphanumeric character(s)

Returns TRUE if every character in text is either a letter or a digit, FALSE otherwise.

var_dump(ctype_alnum("æøsads")); // false
var_dump(ctype_alnum("123asd")); // true
  • Live demo at https://3v4l.org/5etr7

check if string contains any character other than what's allowed

I recently asked how to make this Just Do The Right Thing, and learned that it’s rather prickly to get everything quite right.

If you can’t get /\w/u to work right for you on Unicode, it is mostly like /[\pL\pM\p{Nd}\p{Nl}\p{Pc}]/u.

Validate string to contain only qualifying characters and a specific optional substring in the middle

Use negative lookarounds. Negative lookahead (?!=>) at the beginning to prohibit beginning with =>, and negative lookbehind (?<!=>) at the end to prohibit ending with =>.

^(?!=>)(?:[a-zA-Z0-9-_]+(=>)?)+(?<!=>)$

DEMO

database doesn't allow special chars even after using mysqli_real_escape_string

You need to properly URL-encode the value that you are sending.

Right now, you are sending text5=lkf+alu@craftwebart.com – and in this URL context, + is the “replacement” character for a space character. That is why your script was inserting the space char into the database, not because there was something wrong with the insertion into the database per se. (Although, as mentioned, using mysqli_real_escape_string in combination with prepared statements is wrong. mysqli_real_escape_string is used to mask special characters that are inserted into the SQL syntax directly, so that they can not be confused with the actual SQL syntax. When using prepared statements with placeholders however, SQL command and data are send to the database separate from each other, so that danger does not exist in this context.)

So, you need to use

ajax.send("text5="+encodeURIComponent(form));

to send your data to the server. encodeURIComponent takes care of encoding the data properly for the URL context. It will make the + character into %2B, so that it can be send in that context safely, and PHP will decode it back to a + automatically.

Allow only some letters, ban special characters ($% etc.) except others (' -)

I can't reproduce the failure cases here (Авпа Вапапва á-ź John validates just fine), but you can simplify the regex a lot - you don't need that lookahead assertion:

preg_match('/^[a-zα-ωá-źа-яա-ֆა-ჰא-ת][a-zα-ωá-źа-яա-ֆა-ჰא-ת\' -]*$/i', $first_name)

As far as I can tell from the character ranges you've given, you don't need to exclude the digits because anything outside these character classes will already cause the regex to fail.

Another consideration: If your goal is to allow any letter from any language/script (plus some punctuation and space) you can (if you're using Unicode strings) further simplify this to:

preg_match('/^\pL[\pL\' -]*$/iu', $first_name)

But generally, I wouldn't try to validate a name by regular expressions (or any other means): Falsehoods programmers believe about names.

how to check for special characters php

<?php

$string = 'foo';

if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $string))
{
    // one or more of the 'special characters' found in $string
}

Related Topics

Simplexml Soap Response Namespace Issues

How to Use an Object Method as a Callback Function

PHP Using Declare? What Is a Tick

Php/Pdo/Mysql: Inserting into Mediumblob Stores Bad Data

Admin Product Pages Custom Field Displayed in Cart and Checkout

Excel - Getting the Top 5 Data of a Column and Their Matching Title But Produces Duplicates

Is There Any Difference Between _Dir_ and Dirname(_File_) in PHP

When to Use a Class VS. Function in PHP

Loop Through All Months in a Date Range

Limit Pagination Page Number

PHP String Doesn't Allow < and > Characters

How to Read a .Txt File with PHP

Warning: Imagettftext() [Function.Imagettftext]: Could Not Find/Open Font in /Home/A2424901/Public_Html/Index.PHP on Line 35

Strange Echo, Print Behaviour in PHP

Coverting Hex to Image in PHP

How to Read About Conditionals Done with "" and ":" (Colon)

Regular Expression Preg_Quote Symbols Are Not Detected

Best Place for Validation in Model/View/Controller Model


Leave a reply



Submit