Is denying access even with normal characters

0

This command line is not letting my form access the database even with all normal characters. Anyone who understands more than preg_match can help me?

if(!preg_match("/^[a-zA-Z]*$",$name)||!preg_match("/^[a-zA-Z]*$",$title)||!preg_match("/^[a-zA-Z]*$",$text)){ #verificando se o usuario está usando algum caractere invaido
            header("location: ../contato.php?contato=invalidcharacters");
            exit(); 
    
asked by anonymous 30.08.2017 / 05:49

1 answer

0

Your expression contains the wildcard character * . The quantifier * corresponds to the previous element ZERO or more times. So, even if the string does not contain any characters not allowed, the matcher will simply say: zero matches.

The right thing is to use + coincidence of characters preceded (NOT ALLOWED) one or more times.

Also missing / limits at end

Your corrected expression:

if(!preg_match("/^[a-zA-Z]+$/",$name)||!preg_match("/^[a-zA-Z]+$/",$title)||!preg_match("/^[a-zA-Z]+$/",$text)){

A suggestion

$string=$name.$title.$text;

if(!preg_match("/^[a-z]+?$/i", $string)){

 header("location: ../contato.php?contato=invalidcharacters");
 exit();

}
  

From the beginning ( ^ ) to the end ( $ ) of the string ONLY the amount that may be ( +? ) of aaz letters ( [a-z] ) uppercase or lowercase ( i ). / p>      

( ! ) is the negative of the condition of the expression, that is, if the string is not only uppercase or lowercase.

    
30.08.2017 / 09:17