Php preg_match issue

Question

With following php preg_match i'm trying to show a error message if someone input any value except a-z or 0-9 in a textarea form. Just only user can type string and numerice value. Not , < ? >any php, javascript tag etc.

if(preg_match("/^[a-zA-Z0-9]+/ ", $wall) != 1)
$err[] = "Wrong value";

So, if i put php tag to the begning of the form then it's show error message but if i put "Some text then type php tag and another value" then it's doesn't show any error message.

Sorry my bad english.:(

Answer 1

if( preg_match("/^[a-zA-Z0-9]+$/ ", $wall) ) {
    $err[] = "Wrong value";
}

You have to anchor the beginning and end otherwise they can type a#$@#$@#$#.

Also, no need for the != 1 at the end. It's more readable without it.

Answer 2

You could just check whether there is any character you don't want.

if(preg_match("/[^a-zA-Z0-9]/ ", $wall)) {
  $err[] = "Wrong value";
}

Answer 3

Because you've set the expression to check alphanumeric characters at the beginning of string using ^

if you change it to this, this will check if it has a < or > anywhere in the string:

if(preg_match("/[<|>]+/ ", $wall))
$err[] = "Wrong value";