
I'm using !preg_match() for form field validation and it is working for multiple fields except ADDRESS.

I only want to permit 0-9, a-z, A-Z, #(hash/pound), ','(comma), -(dash) and spaces. You will see multiple attempts but all are allowing characters like: *£$

I've only posted relevant parts of the form:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
# form continues:

# $telephone works.
else if (!preg_match('/^[0-9-()\s]{7,25}+$/D',$_POST["telephone"])) { //min/max length. Removed 'space' from [].
    if (strlen($_POST["telephone"]) < 7) {
        $telephoneErr = '<span class="input_error">Telephone entry not long enough. Please re-enter.</span>';
        echo $telephoneErr;
    } else {
        $telephoneErr = '<span class="input_error">For telephone only numbers, - dash, () and spaces allowed.</span>';
        echo $telephoneErr ;
    }
}
// Check telephone extension only contains numbers:
else if (!preg_match('/^[0-9]{0,6}$/',$_POST["extension"])) { //No * before $ as nothing to repeat!
    $extensionErr = '<span class="input_error">For telephone extension only numbers allowed. Maximum length 6.</span>';
    echo $extensionErr ;
}

// $county works:                   
// Check County has been selected:
# Reference: https://stackoverflow.com/questions/17139501/using-post-to-get-select-option-value-from-html/17139538

else if (!isset($_POST['county'])){                     
    $countyErr = '<span class="input_error">Please select the County your property is located in.</span>';
    echo $countyErr ;
}

// $subdiv works:                   
// Check $subdiv only contains letters, numbers and whitespace
else if (!preg_match("/^[a-zA-Z0-9 ]{1,150}$/",$_POST["subdiv"])) {
    $subdivErr = '<span class="input_error">For Subdivision/Resort only letters, numbers and space allowed</span>';
    echo $subdivErr;
}

// *** ADDRESS VALIDATION NOT WORKING ***
// Check if $address only contains numbers, letters, #, - and whitespace.
#https://stackoverflow.com/questions/396166/allowing-only-certain-characters-in-php
//   -\#\s]{1,150} then *$: causes compilation failure. - is for a range or is it *?
//  -\#\s]{1,150} then $: allowed ,#£$
//  ,#\s-]{1,150} then +$: allowed £$
//  ,#\s-]{1,150} then +$: allowed $
//   ,#-]{1,150} then +$: allowed $£ (starts with a space)
//  \#\-\,\s]{1,150}+$: allowed £$*
//   \#-,]{1,150}+$: allowed $£* (starts with a space)
//  #-\s]{1,150}+$/D: Error message. Compilation failed. Invalid range in character class.

else if (!preg_match('/^[a-zA-Z0-9#\-\s]{1,150}+$/D',$_POST["subdiv"])) { //    allowed .,£$*
#else if (!preg_match('/^[a-zA-Z0-9\-\#\s]{1,150}+$/D',$_POST["subdiv"])) { # Allowed '£$,'.
    $addressErr = '<span class="input_error">For address only numbers, letters, # hash/pound, - dash and spaces allowed.</span>';
    echo $addressErr ;

// form then continues:             }
} else {
    // Sanitize variables:
    $fullname = clean_input($_POST["fullname"]);
    $email = clean_input($_POST["email"]);
    $country = clean_input($_POST["country"]);
    $telephone = clean_input($_POST["telephone"]);
    $extension = clean_input($_POST["extension"]);
    $county = clean_input($_POST["county"]);
    $subdiv = clean_input($_POST["subdiv"]);

// reCaptcha and email options.

# Sanitize variables and strip message of harmful characters:
# preg_replace / sanitize
# https://stackoverflow.com/questions/19167432/strip-bad-characters-from-an-html-php-contact-form (c2013: only 1 answer)
# https://stackoverflow.com/questions/129677/how-can-i-sanitize-user-input-with-php (c2014: htmlspecialchars?)
# https://wp-mix.com/php-sanitize-form-data/
# See also: filter_var($message, FILTER_SANITIZE_STRING);

function clean_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    $data = htmlentities(strip_tags($data), ENT_QUOTES, 'UTF-8');
    return $data;
}

    <input type="reset" name="Reset" value="Reset" />
    <input class="float_r" type="submit" name="Submit" value="Submit" />
</form>

On a cosmetic point, I'd like the error message pertaining to each fieldset to display at the foot of the fieldset rather than the bottom of my form. If there is an existing link for this please advise.

guvna
  • Not really sure what the problem is supposed to be here. https://regex101.com/r/ujjAjE/1 shows that your expression does not match any more, once those characters you mentioned are contained in the subject string. (Doesn’t have to be all of them, a single one will make the pattern not match any more.) – CBroe Jul 08 '20 at 14:23
  • By using '!' I'm looking for something that doesn't match. So if £$* are used in the ADDRESS then the error should be invoked otherwise it will pass. – guvna Jul 08 '20 at 14:46
  • Maybe my problem is using {1,150} as I interpret this as meaning min/max? – guvna Jul 08 '20 at 14:49
  • OK I found two issues. The 1st was that I had the address field showing as $_POST["subdiv"] instead of $_POST["address"] so I changed that part. – guvna Jul 08 '20 at 16:07
  • The 2nd part is I changed the curly brackets from {1,150} to {1,} and the form works in Firefox. It doesn't however POST in Chrome so I'm checking that now. – guvna Jul 08 '20 at 16:09
  • Do I post a new question or just carry on with this one? – guvna Jul 08 '20 at 16:09
  • Form doesn't complete in Opera either so that'll be another issue altogether now. – guvna Jul 08 '20 at 16:24
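
An allow-list address check of the kind the question describes, as an added example that is not the asker's code. The function name `validate_address`, the `address` field key, the 1-150 length limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; names, limits and sample data are assumptions.

/**
 * Allow-list check for an address field: letters, digits, '#', ',', '-', space.
 * Returns null when the value is acceptable, otherwise an error message.
 */
function validate_address(array $post, string $field = 'address'): ?string
{
    // Read the key that is actually being validated. Testing a different
    // key (e.g. "subdiv") lets any address through unchecked.
    $value = $post[$field] ?? '';
    if (!is_string($value)) {
        // address[]=... in the request body arrives as an array.
        return 'Address must be a single text value.';
    }
    $value = trim($value);

    // '-' sits last in the class so it is a literal, not a range operator.
    // A literal space replaces \s, which would also admit tabs and newlines.
    // The D modifier stops '$' from matching before a trailing newline.
    if (!preg_match('/^[A-Za-z0-9#, -]{1,150}$/D', $value)) {
        return 'For address only letters, numbers, #, comma, dash and spaces allowed.';
    }
    return null;
}

// Constructed sample submissions.
$samples = [
    ['address' => '12 High Street, Apt #4-B', 'subdiv' => 'Lakeside'],
    ['address' => '12 High Street £$*',       'subdiv' => 'Lakeside'],
    ['address' => "12 High\nStreet",          'subdiv' => 'Lakeside'],
    ['address' => ['12 High Street'],         'subdiv' => 'Lakeside'],
    ['subdiv'  => 'Lakeside'],
];

foreach ($samples as $post) {
    $raw   = $post['address'] ?? null;
    $shown = is_string($raw) ? json_encode($raw, JSON_UNESCAPED_UNICODE) : gettype($raw);
    echo $shown, ' => ', validate_address($post) ?? 'OK', PHP_EOL;
}
```

Only the first sample passes; the others are rejected for disallowed characters, an embedded newline, a non-string value and a missing field respectively.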

0 Answers