Regular expressions and validation in PHP

chris (2004-05-17 21:44:08)
4719 views
1 replies
Use PHP to match patterns in your validation code. I have a validation library, which I'll post here - it might look a bit odd, because I negate character classes and then negate the return bool in places - the purpose is to write a validator which behaves in the same way for whichever object is passed in.
<?php
/*
        validation library
        $Id: libvalidate.php,v 1.35 2003/10/25 01:35:31 chris Exp $
*/
 
function check_alpha($str){  // regular expressions validates strings of alphas only
        trim($str);
        # note class is negated with ^, so logic inverted
        if(!preg_match("/^[-a-zA-Z ']+$/i",$str)){
                return false;
        }
        return true;
}
 
function check_decimal($str){  // regular expressions checks for a decimal value
        trim($str);
        if(!preg_match("/^[d]+(.[d]+)?$/",$str)){
                return false;
        }
        return true;
}
 
function check_cc($str){  // don't use this for anything but the simplest credit card validation
        trim($str);
        if(!preg_match("/^[ d]+$/",$str)){
                return false;
        }
        return true;
}
 
function check_numeric($str){
        trim($str);
        if(!preg_match("/^[d]+$/",$str)){
                return false;
        }
        return true;
}
                                                                                                                             
function check_currency($str){   /// checks for no more than two decial places in match
        trim($str);
        if(!preg_match("/^[[:digit:]]+(.[[:digit:]]{1,2})?$/",$str)){
                return false;
        }
        return true;
}
                                                                                                                             
function check_hexadecimal($str){  // validate a hexadecimal number with this regular expression
        trim($str);
        if(!preg_match("/^[A-Fa-f0-9]+$/i",$str)){
                return false;
        }
        return true;
}
                                                                                                                             
function check_alphanumeric($str){  // validation for alphanumeric data
        trim($str);
        if(!preg_match("/^[-a-z0-9 ']+$/i",$str)){
                return false;
        }
        return true;
}
                                                                                                                             
function check_email($str){ /// email address validation
        $str = trim($str);
        if(!preg_match('/^[a-Z0-9._ ]+@[w-]+(.[w-]+)+$/', $str)){
                return true;
        }
        return false;
}
                                                                                                                             
function check_telephone($str){   /// not standards compliant i.e won't meet E.164 etc for validating international phone numbers
        trim($str);
        if(!preg_match("/[^+()[:digit:][:space:]]/",$str)){
                return false;
        }
        return true;
}
                                                                                                                             
function check_binary($str){
        trim($str);
        if(strcmp($str,0)=='0' || strcmp($str,'1')){
                return true;
        }
        return false;
}
                                                                                                                             
function check_freetext($str){ // regular expression has a character class which allows all but the nastiest characters
        trim($str);
        if(!preg_match("/^[-a-z0-9_ :<C2><A3>@.,s=!*"/?+&()%'$[]]+$/i",$str)){
                return false;
        }
        return true;
}

function check_date($str){ /// dead useful when validating between mysql and php date formats
        trim($str);
        if(!preg_match("/^(d){1,4}-(d){1,2}-(d){1,4}+$/i",$str)){
                return false;
        }
        # check that the date is valid
        if(preg_match("/^(d){1,4}-(d){1,2}-(d){1,2}+$/i",$str)){
                list($year,$month,$day)=explode("-",$str);
        }elseif(preg_match("/^(d){1,2}-(d){1,2}-(d){1,4}+$/i",$str)){
                list($day,$month,$year)=explode("-",$str);
        }
        if(!checkdate($month,$day,$year)){
                return false;
        }
        return true;
}

christo
comment
chris
2008-02-24 21:33:20

php filter extension

With the new 'filter' extension added to php5, don't use the above for security purposes (xss or injection protection).

christo
reply icon