Ask a question    Sign Up Sign In
  1. Home
  2. php - preg_match to sanitize input for the best security

147 votes
1 answers

php - preg_match to sanitize input for the best security

Get the solution ↓↓↓

I am working on a wordpress website (i am new to web development). I installed a theme and now I am looking to improve it and make it suit my needs. Regarding the register form, the theme's code to check for invalid characters in the password is this:

else if(preg_match("/^([a-zA-Z0-9@#-_$%^&+=!?]{1,20})$/", $data['user_password'])==0) {
                SendtoUSER::$messages[]=__('Forbidden characters detected', 'mytheme');

and for the username is this

if(preg_match('/[@\s]/', $username)) {
            $valid=false;
        }

I did some research and i understand most of the expression"/^([a-zA-Z0-9@#-_$%^&+=!?]{1,20})$/" - what i don't get is why ; is still valid to use (i observed that removing#-_prevents; from working, so is#-_ an inverval?) My question is what@#-_$%^&+=!? means in the expression? Is this code good enough, what are some good practices to implement preg_match for max security? Thanks in advance for your reply.

556
votes

Answer

Solution:

I guess in WordPress, thesanitize_text_field will be the best solution to do it. You can validate it:

if ( sanitize_text_field( $data['user_password'] ) !== $data['user_password']  ) {
    $valid=false;
}

Also, I've checked how it works on the Profile page, and it looks like in the core, it validates as:

$pass1 = trim( $_POST['pass1'] );
//...
// Check for "\" in password.
if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {
    $errors->add( 'pass', __( '<strong>Error</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
}

Probably the best solution is copying the WordPress solution as well.

Write your answer



Share solution ↓

Additional Information:
Link To Source
People are also looking for solutions of the problem: cannot access offset of type string on string

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

329 php - File format or extension invalid PHPExcel
588 php - preg_match post-id
981 Print informative, well formatted mysql errors in PHP
351 preg replace - PHP preg_replace multiple rules
104 php - Use mysql_fetch_array() with foreach() instead of while()
186 Including a html form in a php script
459 php - Why should you validate forms using javascript?
999 PHP + SQL - Using SQL Server 'Create To' scripts to create tables through PHP
732 php - I honestly have no clue how to formulate this pass-by-reference conundrum
321 php - Cakephp 2.8.4 ignoring hasMany

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.





About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/

Welcome to programmierfrage.com

programmierfrage.com is a question and answer site for professional web developers, programming enthusiasts and website builders. Site created and operated by the community. Together with you, we create a free library of detailed answers to any question on programming, web development, website creation and website administration.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.