Preg_match and percent sign

Question

I have few questions regarding preg_match in php.

if(preg_match('#[^0-9 -&()+@._A-Za-z]#', $input)){
    $errors .= 'Sorry, username can\'t contain those characters.<br>';
}

This is my preg_match. I am kinda new to these codes. I have red that its better to use # on the end and beginning than / for unknown reason xD Anyone knows what is up with that?

My main problem is that this preg_match actually let strings with % (percent signs) through and it shouldn't. Why? and how to stop that?

Another question is this preg_match code good? It works fine (except % part) but can it fail?

Thank you :)

The `#` instead of `/` is because `/` is used in URLs and will need to be escaped in every instance. I prefer `~` because it is rarely used in data I'm parsing. Also these are referred to as delimiters, http://php.net/manual/en/regexp.reference.delimiters.php — chris85, Jul 27 '15 at 20:56
What is that even for? I mean first and last character (#,~,/)? — Morsus, Jul 27 '15 at 20:58
They are delimiters they tell the regex engine where the expression starts and ends. `When using the PCRE functions, it is required that the pattern is enclosed by delimiters` See that link at the end of my first comment. — chris85, Jul 27 '15 at 21:01
Not currently, if you were to add `#` to the list of characters not allowed though you would need to escape it `\#` or change the delimiters to an unused character. — chris85, Jul 27 '15 at 21:16

anubhava · Accepted Answer · 2015-07-27T20:55:46.480

5

this preg_match actually let strings with "%" (percent signs) through and it shouldn't. Why?

That is due to unescaped hyphen in the middle of your regex:

'#[^0-9 -&()+@._A-Za-z]#'
--------^

- is acting as range from space (32) to & (38) thus matching anything in between including % ( 37).

It should be used as:

'#[^-0-9 &()+@._A-Za-z]#'

Or

'#[^-\w &()+@.]#'

However without anchors this character class will match only one character. You should use:

'#^[^-\w &()+@.]+$#'

edited Jul 27 '15 at 20:55

answered Jul 27 '15 at 20:54

anubhava

761,203
64
569
643

1

Should probably use **anchors** as well. – hwnd Jul 27 '15 at 20:54
3

dat ascii range explanation tho <3 – iam-decoder Jul 27 '15 at 20:55
Nice explanation thank you. I understand now. Where i can find a table for characters and their meaning in the code? I tried to find it but I failed. – Morsus Jul 27 '15 at 21:00
1

On Linux/Unix you can just use `man ascii` on [see it online](http://www.manpagez.com/man/7/ascii/) – anubhava Jul 27 '15 at 21:11
Oh I didn't mean ascii characters i meant code characters inside preg_match parameter. – Morsus Jul 27 '15 at 21:17
You can get all the info here: http://php.net/manual/en/reference.pcre.pattern.syntax.php – anubhava Jul 27 '15 at 21:19
Ofcourse I just wanted to find out as much as i could. Thank you everyone! :) – Morsus Jul 28 '15 at 00:06
one more question,what are anchors? :S – Morsus Jul 28 '15 at 00:15
`^` and `$` are called anchors in regex for assessing start and end position respectively. – anubhava Jul 28 '15 at 03:36
I tested all preg_match-es you wrote and the last one (the one with anchors) isn't working well. But the '#[^-\w &()+@.]#' works pretty good :) – Morsus Jul 28 '15 at 16:15
Hmm that can be possible only if you anything other than `[^-\w &()+@.]` in your input data. Can you show output of `var_dump($input);` – anubhava Jul 28 '15 at 16:30
I used https://www.functions-online.com/preg_match.html for testing i input random characters...with last preg_match its all true :S – Morsus Jul 28 '15 at 16:45

Preg_match and percent sign

1 Answers1