
I am using this preg_match value to verify that the input into the server is clean from all sorts of malicious characters.

preg_match('/^[a-zA-Z)(\!@&,0-9\?_\-\.\s\*&\$\r\n]{0,'. $str_length.'}$/',$_POST['text'])

If there's no match I return false, and the server won't accept it. I would like to add links to that input, so that I can get:

"hello there, this is my picture: http://myserver.com/imgs/user-images/user222.jpg 
and this is my dog http://myserver.com/imgs/user-images/user222-dog.jpg"

How can I add links to my input?

Ted
  • According to your regex all you are doing is checking the first character only. Unless you are missing part of your regex, which it seems you are as you don't have an ending delimiter or closing quote. – kittycat Feb 01 '13 at 10:47

1 Answer

I think you should rather use something like htmlentities and your RDBMS library tools to avoid malicious characters rather than implement your own regex. Yours seems very restrictive: no + sign, no colon, no semi-colon, no percent... I don't know what your application is, but users might dislike that.

Fabien
  • I'll be very grateful if you could explain a bit more on how to do this right, I just wrote another question: [This question](http://stackoverflow.com/questions/14644919/php-safely-receiving-user-input) – Ted Feb 01 '13 at 11:06
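
The approach the answer points to, as an added example (not code from the question or the answer): keep the text as typed, store it with a prepared statement, and encode it when it is written into HTML, turning only http/https URLs into links. htmlspecialchars is used here in place of htmlentities; the in-memory SQLite database, the `posts` table, the 500-byte limit and `render_post()` are assumptions made for the example.

```php
<?php
// Added example; render_post(), the posts table and the sample input are
// hypothetical names and values chosen for illustration.

function render_post(string $raw): string
{
    // Split the raw text into plain segments (even index) and URLs (odd index).
    $pattern = '~(https?://[^\s<>"\']+)~i';
    $parts = preg_split($pattern, $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        // Every piece is encoded before it reaches the page, so markup typed
        // by the user is displayed as text instead of being interpreted.
        $esc = htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $out .= ($i % 2) ? "<a href=\"$esc\" rel=\"nofollow noopener\">$esc</a>" : $esc;
    }
    return nl2br($out);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input standing in for $_POST['text'].
$input = "this is my dog http://myserver.com/imgs/user-images/user222-dog.jpg\n"
       . "<i>markup</i> O'Brien; 100% + more";

$max_length = 500; // plays the role of $str_length in the question (bytes)
if (strlen($input) > $max_length) {
    exit('Text too long');
}

// The value travels as a bound parameter, never as part of the SQL string.
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// Encoding happens at output time, on the stored raw text.
$body = $pdo->query('SELECT body FROM posts ORDER BY id DESC LIMIT 1')->fetchColumn();
echo render_post($body), "\n";
```

Because only `http://` and `https://` prefixes are matched, other URL schemes are never placed in an `href`, and characters the original whitelist rejected (colon, percent, plus, quotes) are accepted and rendered as plain text.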