preg_match include forward slash
It would seem that you have the "magic quotes" feature of PHP active, which it shouldn't be, for security reasons: all the escaping of user-inserted data should be done by your own code.
Anyway, if you want to keep things as they are now, replace your
preg_match("/^[A-Za-z0-9'?!-\s]+$/", $field)
with
preg_match("/^[A-Za-z0-9'?!-\s\\\\]+$/", $field )
The quadruple \ is there because you need to escape it both for being in a string delimited with double quotes and for being in a regex.
Author: nv39
Updated on September 03, 2022
nv39 over 1 year
This is the function I have that checks if the entered security question and/or answer contain malicious characters:
function validate_input($field) {
    $ErrorMessage = "";
    $field = preg_replace("/[\s]+is/", '', $field);
    if (preg_match("/^[A-Za-z0-9'?!-\s]+$/", $field) === 0) {
        // Escape the rejected value before echoing it back into HTML.
        $ErrorMessage .= "<div class='error_message'>Potentially malicious characters found in:<i> " . htmlspecialchars($field, ENT_QUOTES) . ",</i> please enter only alphanumeric characters</div><br/>";
    }
    return $ErrorMessage;
}
When I enter something like "What's up?" for the question, it comes back with an error. When I do a var_dump on ($field) it comes back as "What\'s up?".
So how can I include the forward slash as an acceptable character?
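As an added example (not code from the question or the answer), the PHP below reproduces the backslash that magic quotes inserts and compares allowing `\` in the character class, as the answer does, with undoing the escaping before validation; it also HTML-escapes the value echoed in the error message. The function names, the `$magicQuotesActive` flag and the sample strings are assumptions, and the hyphen is moved to the end of the class so it is a literal on every PCRE version.

```php
<?php
// Added example: names and sample strings are hypothetical, not from the page.

// Allow-list from the question; the hyphen is last so it is always a literal.
const ALLOWED = "/^[A-Za-z0-9'?!\\s-]+$/";
// Same class plus a backslash. "\\\\" in PHP source is the two characters \\,
// which the regex engine then reads as one literal backslash.
const ALLOWED_WITH_BACKSLASH = "/^[A-Za-z0-9'?!\\s\\\\-]+$/";

function is_allowed(string $value, string $pattern): bool
{
    return preg_match($pattern, $value) === 1;
}

// Undo magic-quotes escaping so validation sees what the user typed.
// The flag is a parameter because get_magic_quotes_gpc() is gone in PHP 8.
function normalize_input(string $raw, bool $magicQuotesActive): string
{
    return $magicQuotesActive ? stripslashes($raw) : $raw;
}

// Build the error message with the rejected value HTML-escaped.
function error_for(string $value): string
{
    if (is_allowed($value, ALLOWED)) {
        return '';
    }
    $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return "<div class='error_message'>Potentially malicious characters "
         . "found in: <i>{$safe}</i></div>";
}

// Constructed input: addslashes() applies the same escaping magic quotes did,
// giving the What\'s up? string from the question.
$typed    = "What's up?";
$received = addslashes($typed);

var_dump(is_allowed($received, ALLOWED));                // strict class, raw input
var_dump(is_allowed($received, ALLOWED_WITH_BACKSLASH)); // answer's approach
$clean = normalize_input($received, true);
var_dump($clean === $typed, is_allowed($clean, ALLOWED)); // normalize, then validate
echo error_for("<i>hi</i>"), "\n";
```

Allowing `\` in the class accepts the escaped input as it arrives, while normalizing first lets the stricter class stay unchanged and stores the text the user actually typed.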