Regex help needed.
Um, ok. I need a regex that will do the following. I'm sorry but I have never been able to figure regex out in all the time I've been programming.
1) Ensure that a variable contains only lowercase letters, uppercase latters, numbers.
2) All other characters, including spaces, are stripped.
Try these tutorials:
And this very useful tool:
[^a-zA-Z0-9]+ will match all the non letter/number chars - preg_replace with an empty string.
Thanks. This is what I got out of it.
return ereg_replace('[^A-Za-z0-9]', '', $_GET[$name]);
May I ask a general question? What characters would one look for to avoid sql injection? Thanks in advance.
I've no idea if that works the same with ereg/POSIX - I always use PCRE (preg_match, preg_replace etc). Allegedly, they're faster although probably unlikely to be anything significant.
For SQL injection, always (1) quote and (2) escape strings. Run expected integers through intval() to make sure they really are integers.
Thanks. My statement worked just fine and I will run some tests, but I think that the mysqli binding functions take int casting into account already, do they not?
$stmt->bind_param('is', $id, $description);
i = integer
s = string
I will test this later myself, but if you have a quick answer...
Haven't used php5 or mysqli - couldn't say.
That's ok. I'll figure it out with a few simple tests. Thanks again McGruff!
Mysql: use mysql_escape_string();
Originally Posted by Serenarules
Other DBMS: usually str_replace("'","''") ; will do 95% of the trick. Other things really vary by DB platform.
Here's an alternative to Regex Coach:
Although I normally use Regex Coach, I've only heard positive comments on Regulator.