Reputation: 19466
I'd like to create a filter which allows almost all chars but without / < > ? =
I've read on some site that I should use the ^ char inside ranges, but when I try it, it doesn't work properly:
mod_rewrite:
RewriteRule ^(user/)([^\<\>\?=]+)([/]?)$ user.php?username=$2
php for validation:
return eregi ("[^\<\>\?=/]", $value);
How should I write it to set the right filter to allow all chars but not < > ? = / in my range?
Can someone suggest some other characters that should not be inserted in a URL string, for security or compatibility?
Consider that I should work with URLs like:
http://www.last.fm/music/小林武史
http://www.last.fm/music/Trentemøller
http://www.last.fm/music/Lindstrøm+&+Prins+Thomas
Upvotes: 1
Views: 948
Reputation: 154513
This should be enough for both mod_rewrite and PHP:
([^/<>?=]+)
BTW, you shouldn't use eregi() in PHP; use preg_match() instead with the i modifier.
Upvotes: 1
Reputation: 12683
Firstly, I don't think you need to escape all those characters in your character class. Try this instead:
RewriteRule ^(user/)([^<>?=/]+)(/?)$ user.php?username=$2
Secondly, don't use eregi, it's crazy (and deprecated). Use preg_match instead:
return preg_match("|[^<>?=/]|", $value);
HTH.
Upvotes: 1
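An added example, not code from any of the posts above: a whole-string check for the username path segment, run against the question's sample names plus a few constructed inputs. The function names and sample values are assumptions; the unanchored pattern is included for comparison because a negated class without anchors matches as soon as one permitted character is present.

```php
<?php
// Added example: whole-string validation of the username path segment.
// Function names and sample inputs are constructed for illustration.

/** True only if every character of $value is outside the set / < > ? = */
function is_valid_username(string $value): bool
{
    // \A ... \z anchor the match to the entire string; without them the
    // negated class succeeds as soon as ONE permitted character is found.
    // The u modifier treats input as UTF-8 and fails on malformed bytes.
    return preg_match('~\A[^<>?=/]+\z~u', $value) === 1;
}

/** The unanchored form, for comparison. */
function unanchored_match(string $value): bool
{
    return preg_match('|[^<>?=/]|', $value) === 1;
}

$samples = [
    '小林武史',
    'Trentemøller',
    'Lindstrøm & Prins Thomas',
    'bob<script>',      // constructed
    'a/b',              // constructed
    'x?y=1',            // constructed
    '',                 // constructed: empty segment
    "bad\xC3utf8",      // constructed: malformed UTF-8
];

foreach ($samples as $s) {
    printf(
        "%-28s anchored=%-5s unanchored=%s\n",
        json_encode($s, JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE),
        var_export(is_valid_username($s), true),
        var_export(unanchored_match($s), true)
    );
}

// Validation does not replace output encoding: encode per context at use.
$name = 'Lindstrøm & Prins Thomas';
echo 'href: /user/' . rawurlencode($name) . "\n";
echo 'html: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "\n";
```

The anchored check accepts only the first three samples. The unanchored one accepts every non-empty sample, including those containing `<`, `/`, `?` and `=`.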
Reputation: 798526
To put it in the colloquial, "ur doin it wrong". If you're not worrying about security in your script then no amount of blocking any characters will truly make your app secure short of cutting off the connection completely.
Upvotes: 0