preg_match include forward slash


It would seem that you have the "magic quotes" feature of PHP active, which it shouldn't be, for security reasons: all the escaping of user-inserted data should be done by your own code.

Anyway, if you want to keep things as they are now, replace your

    preg_match("/^[A-Za-z0-9'?!-\s]+$/", $field)

with

    preg_match("/^[A-Za-z0-9'?!-\s\\\\]+$/", $field)

The quadruple \ is there because you need to escape it twice: once for being in a string delimited with double quotes and once for being in a regex.

Author by

nv39

Updated on September 03, 2022

Comments

  • nv39
    nv39 over 1 year

    This is the function I have that checks if the entered security question and/or answer contain malicious characters:

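    function validate_input($field) {
        $ErrorMessage = "";
        $field = preg_replace("/[\s]+is/", '', $field);
        // preg_match() returns 0 when $field contains a character outside the allowed set
        if (preg_match("/^[A-Za-z0-9'?!-\s]+$/", $field) === 0) {
            // HTML-escape the rejected value before echoing it back into the page
            $ErrorMessage .= "<div class='error_message'>Potentially malicious characters found in:<i> " . htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . ",</i> please enter only alphanumeric characters</div><br/>";
        }
        return $ErrorMessage;
    }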
    

    When I enter something like "What's up?" for the question, it comes back with an error. When I do a var_dump on ($field) it comes back as "What\'s up?".

    So how can I include the forward slash as an acceptable character?
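
The two layers of escaping described in the answer, next to the alternative of undoing the added slashes before validating, as an added example that is not code from the question or the answer. The function and constant names are hypothetical, the input is constructed with `addslashes()` to stand in for magic quotes (removed in PHP 5.4), and the hyphen is moved to the end of the character class so that it is a literal.

```php
<?php
// Added example: names are hypothetical and the sample input is constructed.

// Allow-list from the question: letters, digits, apostrophe, ?, !, hyphen,
// whitespace. Single-quoted, so PHP itself only unescapes \' and \\.
const ALLOWED = '/^[A-Za-z0-9\'?!\s-]+$/';

// The answer's variant: the same list plus a literal backslash. PHP reduces
// the four backslashes to two, and the regex engine reads those two as one.
const ALLOWED_WITH_BACKSLASH = '/^[A-Za-z0-9\'?!\s\\\\-]+$/';

// Returns an empty string when $field is acceptable, otherwise an HTML error.
function check_security_text(string $field, string $pattern = ALLOWED): string
{
    // Anything other than 1 is a rejection: 0 means "no match" and false
    // means the pattern itself failed to compile or run.
    if (preg_match($pattern, $field) !== 1) {
        // The rejected value is untrusted, so escape it for the HTML context.
        return "<div class='error_message'>Potentially malicious characters found in: <i>"
            . htmlspecialchars($field, ENT_QUOTES, 'UTF-8')
            . "</i>, please enter only alphanumeric characters</div><br/>";
    }
    return '';
}

// Constructed input: what the user typed, and the form that magic quotes
// would have delivered to the script (a backslash before the apostrophe).
$typed  = "What's up?";
$quoted = addslashes($typed);

// Show the pattern as the regex engine receives it, after PHP string parsing.
echo ALLOWED_WITH_BACKSLASH, PHP_EOL;

// 1. The text as typed, against the original allow-list.
var_dump(check_security_text($typed) === '');

// 2. The magic-quoted text against the same list: the added backslash is
//    not an allowed character.
var_dump(check_security_text($quoted) === '');

// 3. The answer's approach: widen the allow-list to include the backslash.
var_dump(check_security_text($quoted, ALLOWED_WITH_BACKSLASH) === '');

// 4. The alternative: remove the slashes the runtime added, then validate
//    the user's real text against the narrower list.
var_dump(check_security_text(stripslashes($quoted)) === '');
```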