tomik
Reputation: 45
Attempt to preg_match
I've done this piece of code:
preg_match('/[\"\'><\/\\\]/', $foo))
The thing is, that I'm not really sure if that does only look up for following special chars or is there sth I missed?
< > " ' / \
The same case but for HTML inputs, is this right?
<input ... pattern="[^<>/\x5C;'\x22]+" />
Thanks for reply.
Upvotes: 0
Views: 56
Answers (1)
miken32
Reputation: 42718
If you're looking to test if these characters are present, this should work:
if (preg_match('/["\'><\/\\]/', $foo))) {
...
}
The corresponding HTML pattern to disallow these characters would look like this:
<input pattern="[^"'></\\]*"/>
If you are trying to match these characters with the notion of making user input safe for insertion into a database or for HTML display, you are going about this the entirely wrong way. Check out strip_tags(), filter_var(), and prepared statements.
Upvotes: 1