This command line is not letting my form access the database even with all normal characters. Anyone who understands more than preg_match can help me?
if(!preg_match("/^[a-zA-Z]*$",$name)||!preg_match("/^[a-zA-Z]*$",$title)||!preg_match("/^[a-zA-Z]*$",$text)){ #verificando se o usuario está usando algum caractere invaido
header("location: ../contato.php?contato=invalidcharacters");
exit();
Your expression contains the wildcard character * . The quantifier * corresponds to the previous element ZERO or more times. So, even if the string does not contain any characters not allowed, the matcher will simply say: zero matches.
The right thing is to use + coincidence of characters preceded (NOT ALLOWED) one or more times.
Also missing / limits at end
Your corrected expression:
if(!preg_match("/^[a-zA-Z]+$/",$name)||!preg_match("/^[a-zA-Z]+$/",$title)||!preg_match("/^[a-zA-Z]+$/",$text)){
A suggestion
$string=$name.$title.$text;
if(!preg_match("/^[a-z]+?$/i", $string)){
header("location: ../contato.php?contato=invalidcharacters");
exit();
}
From the beginning (
^) to the end ($) of the string ONLY the amount that may be (+?) of aaz letters ([a-z]) uppercase or lowercase (i). / p>(
!) is the negative of the condition of the expression, that is, if the string is not only uppercase or lowercase.