How to check for white spaces and special characters









up vote
0
down vote

favorite












I am trying to code a form for a login using php to check it. But I can't get it to check the if I have any whitespaces and special characters for the username. I tried using the [W]+ but that did not work.



 <?php

 $usernerr = "";
 $passwerr = "";
 $usern = "";
 $passw = "";
 $pattern = '/['/~`!@#$%^&*()_-+=[]|;:"<>,.?\]/';
 if($_SERVER['REQUEST_METHOD'] == 'POST')
 
 if(empty($_POST['uname']))
 
 $usernerr = "*Please add a username please!";
 
 else
 !preg_match($pattern, $usern))
 
 $usernerr = "*Username have only letters and numbers!";
 
 $usernerr = "";
 

 if(empty($_POST['psw']))
 
 $passwerr = "*Please add a password please!";
 
 else
 
 $passw = clearInput($_POST['psw']);
 $passwerr = "";
 
 

 function clearInput($input)
 
 $input = trim($input);
 $input = stripslashes($input);
 $input = htmlspecialchars($input);
 return $input;
 
 ?>





php authentication







share|improve this question

















  • 1




    Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
    – Magnus Eriksson
    Nov 10 at 16:21











  • I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
    – user3783243
    Nov 10 at 16:22







  • 3




    Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
    – Magnus Eriksson
    Nov 10 at 16:23















up vote
0
down vote

favorite












I am trying to code a form for a login using php to check it. But I can't get it to check the if I have any whitespaces and special characters for the username. I tried using the [W]+ but that did not work.



 <?php

 $usernerr = "";
 $passwerr = "";
 $usern = "";
 $passw = "";
 $pattern = '/['/~`!@#$%^&*()_-+=[]|;:"<>,.?\]/';
 if($_SERVER['REQUEST_METHOD'] == 'POST')
 
 if(empty($_POST['uname']))
 
 $usernerr = "*Please add a username please!";
 
 else
 !preg_match($pattern, $usern))
 
 $usernerr = "*Username have only letters and numbers!";
 
 $usernerr = "";
 

 if(empty($_POST['psw']))
 
 $passwerr = "*Please add a password please!";
 
 else
 
 $passw = clearInput($_POST['psw']);
 $passwerr = "";
 
 

 function clearInput($input)
 
 $input = trim($input);
 $input = stripslashes($input);
 $input = htmlspecialchars($input);
 return $input;
 
 ?>





php authentication







share|improve this question

















  • 1




    Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
    – Magnus Eriksson
    Nov 10 at 16:21











  • I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
    – user3783243
    Nov 10 at 16:22







  • 3




    Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
    – Magnus Eriksson
    Nov 10 at 16:23













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am trying to code a form for a login using php to check it. But I can't get it to check the if I have any whitespaces and special characters for the username. I tried using the [W]+ but that did not work.



 <?php

 $usernerr = "";
 $passwerr = "";
 $usern = "";
 $passw = "";
 $pattern = '/['/~`!@#$%^&*()_-+=[]|;:"<>,.?\]/';
 if($_SERVER['REQUEST_METHOD'] == 'POST')
 
 if(empty($_POST['uname']))
 
 $usernerr = "*Please add a username please!";
 
 else
 !preg_match($pattern, $usern))
 
 $usernerr = "*Username have only letters and numbers!";
 
 $usernerr = "";
 

 if(empty($_POST['psw']))
 
 $passwerr = "*Please add a password please!";
 
 else
 
 $passw = clearInput($_POST['psw']);
 $passwerr = "";
 
 

 function clearInput($input)
 
 $input = trim($input);
 $input = stripslashes($input);
 $input = htmlspecialchars($input);
 return $input;
 
 ?>





php authentication







share|improve this question













I am trying to code a form for a login using php to check it. But I can't get it to check the if I have any whitespaces and special characters for the username. I tried using the [W]+ but that did not work.



 <?php

 $usernerr = "";
 $passwerr = "";
 $usern = "";
 $passw = "";
 $pattern = '/['/~`!@#$%^&*()_-+=[]|;:"<>,.?\]/';
 if($_SERVER['REQUEST_METHOD'] == 'POST')
 
 if(empty($_POST['uname']))
 
 $usernerr = "*Please add a username please!";
 
 else
 !preg_match($pattern, $usern))
 
 $usernerr = "*Username have only letters and numbers!";
 
 $usernerr = "";
 

 if(empty($_POST['psw']))
 
 $passwerr = "*Please add a password please!";
 
 else
 
 $passw = clearInput($_POST['psw']);
 $passwerr = "";
 
 

 function clearInput($input)
 
 $input = trim($input);
 $input = stripslashes($input);
 $input = htmlspecialchars($input);
 return $input;
 
 ?>





php authentication




php authentication






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 at 16:13









Darker Minecraft

154




154







  • 1




    Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
    – Magnus Eriksson
    Nov 10 at 16:21











  • I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
    – user3783243
    Nov 10 at 16:22







  • 3




    Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
    – Magnus Eriksson
    Nov 10 at 16:23













  • 1




    Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
    – Magnus Eriksson
    Nov 10 at 16:21











  • I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
    – user3783243
    Nov 10 at 16:22







  • 3




    Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
    – Magnus Eriksson
    Nov 10 at 16:23








1




1




Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
– Magnus Eriksson
Nov 10 at 16:21





Instead of checking for specific forbidden characters, check if the string contains anything other than the allowed characters.
– Magnus Eriksson
Nov 10 at 16:21













I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
– user3783243
Nov 10 at 16:22





I'd use php.net/manual/en/function.ctype-alnum.php If Username have only letters and numbers are the rules. I also would remove that clearInput function, is that to prevent SQL injections or XSS?
– user3783243
Nov 10 at 16:22





3




3




Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
– Magnus Eriksson
Nov 10 at 16:23





Also, everytime I see functions like your checkInput(), I cringe. That usually means that you're doing something wrong. If it is there for protecting yourself against SQL injections, it's not good enough. Also, escaping and changing the password is a bad idea. Let's keep the password as is, since you're only suppose to store the password hash anyway.
– Magnus Eriksson
Nov 10 at 16:23













1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










Considering the error message you wrote, you are complicating yourself.



Instead of searching for the list of characters that aren't alpha num, search for alpha num only. Try using this pattern, and don't negate the condition.



$pattern = "/^[a-zA-Z0-9]+$/";
// Some code...
if(preg_match($pattern, $usern))
// ^-------------------------------Notice the changes

 //Username is valid



Description of the pattern :



^ from the begining



[a-zA-Z0-9] search an alpha num



+ 1 or more time



$ to the end



/^[a-zA-Z0-9]+$/can be replaced by /^[[:alnum:]]+$/ or /^[a-zd]+$/i which produce the same effect.






share|improve this answer


















  • 1




    There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
    – user3783243
    Nov 10 at 16:28










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240850%2fhow-to-check-for-white-spaces-and-special-characters%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote



accepted










Considering the error message you wrote, you are complicating yourself.



Instead of searching for the list of characters that aren't alpha num, search for alpha num only. Try using this pattern, and don't negate the condition.



$pattern = "/^[a-zA-Z0-9]+$/";
// Some code...
if(preg_match($pattern, $usern))
// ^-------------------------------Notice the changes

 //Username is valid



Description of the pattern :



^ from the begining



[a-zA-Z0-9] search an alpha num



+ 1 or more time



$ to the end



/^[a-zA-Z0-9]+$/can be replaced by /^[[:alnum:]]+$/ or /^[a-zd]+$/i which produce the same effect.






share|improve this answer


















  • 1




    There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
    – user3783243
    Nov 10 at 16:28














up vote
2
down vote



accepted










Considering the error message you wrote, you are complicating yourself.



Instead of searching for the list of characters that aren't alpha num, search for alpha num only. Try using this pattern, and don't negate the condition.



$pattern = "/^[a-zA-Z0-9]+$/";
// Some code...
if(preg_match($pattern, $usern))
// ^-------------------------------Notice the changes

 //Username is valid



Description of the pattern :



^ from the begining



[a-zA-Z0-9] search an alpha num



+ 1 or more time



$ to the end



/^[a-zA-Z0-9]+$/can be replaced by /^[[:alnum:]]+$/ or /^[a-zd]+$/i which produce the same effect.






share|improve this answer


















  • 1




    There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
    – user3783243
    Nov 10 at 16:28












up vote
2
down vote



accepted







up vote
2
down vote



accepted






Considering the error message you wrote, you are complicating yourself.



Instead of searching for the list of characters that aren't alpha num, search for alpha num only. Try using this pattern, and don't negate the condition.



$pattern = "/^[a-zA-Z0-9]+$/";
// Some code...
if(preg_match($pattern, $usern))
// ^-------------------------------Notice the changes

 //Username is valid



Description of the pattern :



^ from the begining



[a-zA-Z0-9] search an alpha num



+ 1 or more time



$ to the end



/^[a-zA-Z0-9]+$/can be replaced by /^[[:alnum:]]+$/ or /^[a-zd]+$/i which produce the same effect.






share|improve this answer














Considering the error message you wrote, you are complicating yourself.



Instead of searching for the list of characters that aren't alpha num, search for alpha num only. Try using this pattern, and don't negate the condition.



$pattern = "/^[a-zA-Z0-9]+$/";
// Some code...
if(preg_match($pattern, $usern))
// ^-------------------------------Notice the changes

 //Username is valid



Description of the pattern :



^ from the begining



[a-zA-Z0-9] search an alpha num



+ 1 or more time



$ to the end



/^[a-zA-Z0-9]+$/can be replaced by /^[[:alnum:]]+$/ or /^[a-zd]+$/i which produce the same effect.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 10 at 16:30

























answered Nov 10 at 16:21









Cid

3,00421025




3,00421025







  • 1




    There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
    – user3783243
    Nov 10 at 16:28












  • 1




    There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
    – user3783243
    Nov 10 at 16:28







1




1




There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
– user3783243
Nov 10 at 16:28




There also is posix character class, [[:alnum:]]. I find [a-zd] with i modifier, or what your wrote easier though
– user3783243
Nov 10 at 16:28

















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240850%2fhow-to-check-for-white-spaces-and-special-characters%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Kleinkühnau

Image
Kleinkühnau Stadt Dessau-Roßlau 51.839444444444 12.184444444444 57 Koordinaten: 51° 50′ 22″  N , 12° 11′ 4″  O Höhe: 57 m Fläche: 9,93 km² Einwohner: 1649  (31. Dez. 2011) Bevölkerungsdichte: 166 Einwohner/km² Eingemeindung: 1. Oktober 1923 Eingemeindet nach: Dessau Postleitzahl: 06846 Vorwahl: 0340 Rathaus (Amtshaus Kühnau e. V.) Ev. Kirche Kleinkühnau Kleinkühnau ist ein Stadtteil von Dessau-Roßlau, einer kreisfreien Stadt im Bundesland Sachsen-Anhalt. Er liegt ungefähr vier Kilometer westlich des Stadtzentrums. Südlich der Kühnauer Straße befinden sich der Flugplatz Dessau, das Technikmuseum Hugo Junkers sowie der Standort der Polizeidirektion Sachsen-Anhalt Ost. Kleinkühnau hat 1649 Einwohner (Stand 31. Dezember 2011). Inhaltsverzeichnis 1 Geschichte 1.1 Bevölkerungsentwicklung 2 Siehe auch 3 Weblinks 4 E...
Read more

Makov (Slowakei)

Image
Makov Wappen Karte Makov Basisdaten Staat: Slowakei Kraj: Žilinský kraj Okres: Čadca Region: Kysuce Fläche: 46,052 km² Einwohner: 1.720 (31. Dez. 2017) Bevölkerungsdichte: 37 Einwohner je km² Höhe: 583  m n.m. Postleitzahl: 023 56 Telefonvorwahl: 0 41 Geographische Lage: 49° 22′  N , 18° 29′  O 49.366666666667 18.483333333333 583 Koordinaten: 49° 22′ 0″  N , 18° 29′ 0″  O Kfz-Kennzeichen: CA Kód obce: 509299 Struktur Gemeindeart: Gemeinde Verwaltung (Stand: November 2014) Bürgermeister: Martin Pavlík Adresse: Obecný úrad Makov 60 02356 Makov Webpräsenz: www.makov.sk Statistikinformation auf statistics.sk Makov (ungarisch Trencsénmakó – älter auch Makó , polnisch Maków ) ist eine Gemeinde in der Nordwestslowakei. Inhaltsverzeichnis 1 Geographie 1.1 Bevölkerung 2 Ge...
Read more

Deutsches Schauspielhaus

Image
Deutsches Schauspielhaus Hamburg Aktie über 1000 Mark der Deutsche Schauspielhaus AG vom 20. Juni 1899 Das Deutsche Schauspielhaus im Hamburger Stadtteil St. Georg ist mit 1200 Plätzen das größte Sprechtheater Deutschlands. Entstanden ist es durch eine private Initiative von Bürgern und der 1899 gegründeten „Aktiengesellschaft Deutsches Schauspielhaus“. Die Pläne stammen von dem Wiener Architekturbüro Fellner und Helmer, die das neobarocke Gebäude nach dem Vorbild des Wiener Volkstheaters gestalteten. Am 15. September 1900 wurde das Theater mit einer Aufführung der Iphigenie auf Tauris feierlich eröffnet. Der Name Deutsches Schauspielhaus knüpft an die Tradition des Hamburger Nationaltheaters an, das Mitte des 18. Jahrhunderts durch Hamburger Bürger betrieben wurde und an dem Gotthold Ephraim Lessing als Dramaturg tätig war. Das Schauspielhaus hat die Theatergeschichte der Stadt im 20. Jahrhundert entsc...
Read more