-5

Possible Duplicate:
Regular expression to limit number of characters to 10

I retrieve a POST to a standard form and I need to test two things:

  • The value must be 40 characters
  • The value must contain only letters and numbers

I think it is possible to do this with preg_match, but I do not know how.

Community
  • 1
  • 1
Julien
  • 1,946
  • 3
  • 33
  • 51

5 Answers5

1

In the global $_POST you have all your posted data on the http request.

then:

$myvar = $_POST['your_posted_variable_here'];

$result = preg_match('/^([\w\d]){40}$/i', $myvar);

$result will be true if your posted data only contains letters and digits and is 40 characters long, otherwise will be false.

slash28cu
  • 1,614
  • 11
  • 23
0

For exactly 40 characters:

^[a-zA-Z0-9]{40}$

For at least 40 characters:

^[a-zA-Z0-9]{40,}$

jfmatt
  • 926
  • 5
  • 14
  • 1
    ^[a-zA-Z0-9]{40}[a-zA-Z0-9]*$ that's rediculous... you should use ^[a-zA-Z0-9]{40,}$ the DRY principle still applies to regex. – HenchHacker Nov 08 '12 at 20:07
  • You're right, I forgot about openended brackets. – jfmatt Nov 08 '12 at 20:09
  • Easily done when theres so many meta characters, etc ;) – HenchHacker Nov 08 '12 at 20:10
  • I wonder if there's a performance difference between the two. Obviously it's not going to make a noticeable difference on the scale of PHP regex, but does separating out the fixed part change anything? – jfmatt Nov 08 '12 at 20:14
  • what do you mean "seperating out the fixed" part? In general, if you can get away with NOT using regex, then do it. The other string handling functions like substr strpos etc are much much faster than regex. – HenchHacker Nov 08 '12 at 21:20
  • Sure, of course non-regex is faster. I meant between my original answer and what you corrected it to - does it make a difference one way or the other to search for two sections of a pattern rather than one, given that one is of fixed rather than variable length? Regex is generally slower with more complicated patterns, of course, but I'm curious about this particular case. – jfmatt Nov 09 '12 at 01:27
  • fixed length is usually faster in anything relating to computers ;) this is no exception. – HenchHacker Nov 10 '12 at 18:47
  • Obviously, but there's still a variable-length section to be taken care of afterwards. – jfmatt Nov 10 '12 at 19:28
  • Yeahhhh, i'm just confused now >< haha. Time to re-read the comments. "^[a-zA-Z0-9]{40}[a-zA-Z0-9]*$" VS "^[a-zA-Z0-9]{40,}$"... hmmm... i would say the first is just a tad faster because the engine won't have to discard the first sub pattern to then load a new one (the [...]* part). Just an educated guess though :) – HenchHacker Nov 11 '12 at 20:34
0

Information on preg_match

http://php.net/manual/en/function.preg-match.php

if (preg_match("@^[a-z0-9]{40}$@mis", $_POST['username'])) {
    print 'matched';
}
HenchHacker
  • 1,616
  • 1
  • 10
  • 16
  • Why the `m` and `s` flags? Do they matter? – Salman A Nov 08 '12 at 20:21
  • @SalmanA `m` does matter, otherwise it would match inputs where _any_ line has exactly 40 characters, all alphanumeric – John Dvorak Nov 08 '12 at 20:23
  • 1
    @SalmanA Actually, `m` does the opposite than I claimed (apology). If multiline is on, `^` and `$` _do_ match line breaks (which isn't desired here): http://www.regular-expressions.info/modifiers.html – John Dvorak Nov 08 '12 at 20:29
  • According to the same documentation, `s` = "dot matches all", which doesn't have an effect in this regex. – John Dvorak Nov 08 '12 at 20:30
0

You can also check the length of the string using strlen() first, then if it satisfies the desired length, go forth with the checking of alpha numerics.

But General has the right idea...

Here's another way:

preg_match("/^[0-9a-zA-Z_]{40,}$/", $_POST["something"])

This is alpha numeric, and checks for at least 40 characters, but will accept more. The missing value after the comma means that it can be of any value equal or bigger than 40.

Will Ashworth
  • 1,058
  • 3
  • 13
  • 28
0

PHP provides a function for checking alphanumeric characters ctype_alnum and strlen to check the length of a string so using both functions you can validate it

$yourInput=$_POST['yourInput'];
if(ctype_alnum($yourInput) && strlen($strlen)==40)
{
    //...
}
The Alpha
  • 143,660
  • 29
  • 287
  • 307
  • This approach has more simplicity than using a regex, but LESS PERFORMANCE. – slash28cu Nov 08 '12 at 20:14
  • @slash28cu, `LESS PERFORMANCE` such as ? – The Alpha Nov 08 '12 at 20:18
  • @SheikhHeera I don't think performance is top-priority here, but: `strlen` may have to iterate the whole string to get its length, while a regex only has to read the first 40 characters to find the string is longer. – John Dvorak Nov 08 '12 at 20:20
  • @Sheikh Heera . From php manual http://www.php.net/manual/en/function.ctype-alnum.php#94989 – slash28cu Nov 08 '12 at 20:20
  • @Sheikh Heera .Also is a more elegant way to use regex, also notice that your if have to conditions to evaluate rather than just a simple regex. – slash28cu Nov 08 '12 at 20:21
  • @slash28cu not a mention of performance in the linked document. – John Dvorak Nov 08 '12 at 20:22
  • @slash28cu, sounds logical but like you said performance is not top-priority here so I think it's the simplest one. – The Alpha Nov 08 '12 at 20:22
  • GUYS, Read well. is in there. """ ctype_alnum() is a godsend for quick and easy username/data filtering when used in conjunction with str_replace(). Let's say your usernames have dash(-) and underscore(_) allowable and alphanumeric digits as well. Instead of a regex you can trade a bit of performance for simplicity.""" This has been textual from the link. – slash28cu Nov 08 '12 at 20:23
  • 1
    @slash28cu: do you have an actual benchmark and result to support your argument? – Salman A Nov 08 '12 at 20:24
  • @slash28cu didn't notice, sorry. Still an unsourced claim by the commenter. – John Dvorak Nov 08 '12 at 20:25
  • 2
    @Sheik Heera . i know that every problem has multiple solutions, and if somebody doesn't know how to write this EXTREMELY simple regex can use this approach, otherwise i think regex are a very elegant solution and in this case is as simple as your answer. – slash28cu Nov 08 '12 at 20:26
  • @Salman. I don't think that you need a benchmarking tool just to realize that even if in this case is not significative to the app, A regex have by far much better perfomance than multiple string manipulation functions inside an if statement. – slash28cu Nov 08 '12 at 20:28
  • @slash28cu, I didn't say you are wrong and yes everyone has unique thoughts so basically we have different view and we act like so. – The Alpha Nov 08 '12 at 20:29
  • 1
    @SheikhHeera Of course. I am not saying you are wrong either , i am just highlighting a performance comparison between string manipulation functions and a regex. But of course we all have different approaches. – slash28cu Nov 08 '12 at 20:30