PHP preg_match double quote matching

Question

I'm a newbie, and a bit of a regex dullard, so please forgive me what will appear to be a completely stupid question.

In PHP I'm trying to use a regex to match when a double quote " appears in text from a control on an HTML form and allow it to be used. The current regex isn't working:

preg_match('/[^a-zA-Z0-9 \"\'\?\-]/', $v)

as all the other characters work ok, but if I put a " in the text, it still fails the regex.

I've tried [^a-zA-Z0-9 \"\'\?\-] on https://regex101.com/, and it seems to work ok. Is there something wrong with my PHP instance that needs fixing, or is PHP in some way not working consistently with https://regex101.com/?

Ian J.

Edit:

Input: test"

Output: 10

Edit:

$v = test"
$n = 50
$s = Name:
$f = $fail (which is passed by reference as a counter)

function validate_text($v, $n, $s, &$f)
{
    if ($v == "")
    {
        ++$f;
        return "<span class='error'>".$s."</span>";
    }
    elseif ((strlen($v) > $n) || preg_match('/[^a-zA-Z0-9 \"\'\?\-]/', $v))
    {
        ++$f;
        return "<span class='error'>".$s."</span>&nbsp;<span class='errorextra'>(Please enter only upper or lower case letters, numerals, spaces, and basic punctuation, maximum ".$n." characters)</span>";
    }
    return $s;
}

Edit: OK, it appears that there is something odd happening between the $_POST value and it's passing to a variable. I will have to investigate and get back. But for now, this question is on hold.

Edit: some initial investigation points to a conversion occuring in a call to htmlentities earlier in the code doing a conversion of the double quote to something else. Therefore I don't think this is a regex problem. I've marked 'beiller' as the answer due to his code example putting me on the path to finding where the problem actually is.

Answer 1

I found this discussion having the similar problem: tried to match quotes, my regex was working ok in JavaScript section of the code and passed tests on https://regex101.com/, but didn't work properly in the php section.

Changing regex outside quotes from double to single and back, escaping or not quotes inside the regex – didn't make any difference.

The solution: I had the string filtered

filter_input(INPUT_POST, 'my_var', FILTER_SANITIZE_STRING);

Removing the filter or adding the flag

filter_input(INPUT_POST, 'my_var', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

solved the problem. So quotes in the string and quotes in the regex were not equal because of sanitising encoding. Hope it will save someones sleepless time :-)

Answer 2

this is a code am using and its working fine

function somefunc($value)
{
    $result= preg_replace("#[?.&,;\"\'@\-_ \/]#", " ", $value);
    return $result;
}

Hope this will help.

Answer 3

One important thing about regexp is that they are looking for any substring of your subject that matches given pattern. So if you want to allow let say alphanum characters, space and double quote, look for everything that is not within your allowed characters, and negate the preg_match result.

var_dump(!preg_match('/[^[:alnum:] "]+/', 'lorem ipsum dolor si amet 42'));
=> bool(true)
var_dump(!preg_match('/[^[:alnum:] "]+/', 'lorem ipsum "dolor" si amet'));
=> bool(true)
var_dump(!preg_match('/[^[:alnum:] "]+/', 'lorem&ipsum "do^or" +si amet'));
=> bool(false)

Answer 4

Your question is a bit confusing so let me describe what your regular expression does:

preg_match('/[^a-zA-Z0-9 \"\'\?\-]/', $v)

It will match any string which DOES NOT contain a-zA-Z0-9 \"\'\?\-

Also you are escaping your " with \" which is not necessary. Try removing the back slash.

The input test" should not be matched by this regex because it contains the letter "t".

I made another attempt but answered too quickly. Try the following code:

$v = 'test"';
$n = 50;
$s = 'Name:';
$f = 0;

function validate_text($v, $n, $s, &$f)
{
    if ($v == "")
    {
        ++$f;
        return "<span class='error'>".$s."</span>";
    }
    elseif ((strlen($v) > $n) || preg_match('/[^a-zA-Z0-9 "\'\?\-]/', $v))
    {
        ++$f;
        return "<span class='error'>".$s."</span>&nbsp;<span class='errorextra'>(Please enter only upper or lower case letters, numerals, spaces, and basic punctuation, maximum ".$n." characters)</span>";
    }
    return $s;
}

echo validate_text($v, $n, $s, $f);

Output:

Name: