[nycphp-talk] Sneaking in unwanted characters
Brian Pang
bpang at bpang.com
Wed Sep 10 15:49:55 EDT 2003
without asking why someone's email can't start with "www"... shouldn't
the www in the second check be in parentheses?
preg_match('/^(www\.)/', trim($_POST['email']))
maybe I'm wrong, regular expressions get so confusing...
alternately, and probably slower, you could just check for a match in
the first 4 chars
if (substr(trim($_POST['email']), 0, 4) == "www.")
very brute, but very clear :)
> My client doesn't want anyone who visits his website to enter an email
> address like www.me at mydomain.com.
> So, I have two checks to validate the email entered by the user. Each
> check uses preg_match.
>
> Here's the pattern used for the first match:
> '/^[a-z0-9_.=+-]+@([a-z0-9-]+\.)+([a-z]{2,6})$/i',
>
> Then the email goes through a second check: ( preg_match('/^www\./',
> trim($_POST['email'])) )
>
> Somehow someone managed to sneak through an email address with a www at
> the beginning and I'm a bit puzzled as to how they managed to do it. Is
> it possible that they entered some sort of non-printable character, like
> a character with an ASCII value less than 33, which would foil the data
> check? Or is it something obvious that I'm overlooking?
>
> Jeff Siegel
>
>
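Added example, not part of either message: the two patterns quoted in the thread run over constructed addresses, beside a stricter variant. The function names, the way the two checks are combined, and the sample inputs are assumptions; the patterns themselves are copied from the quoted message, where the first carries the /i flag and the second does not.

```php
<?php
// Added example. Patterns are copied from the thread; function names,
// the way the two checks are combined, and the sample inputs are assumptions.
const ADDRESS_RE = '/^[a-z0-9_.=+-]+@([a-z0-9-]+\.)+([a-z]{2,6})$/i';

// Checks as quoted: the address pattern is case-insensitive (/i),
// the "www." pattern is not.
function accepted_as_posted(string $raw): bool
{
    $email = trim($raw);
    return preg_match(ADDRESS_RE, $email) === 1
        && preg_match('/^www\./', $email) !== 1;
}

// Stricter variant: same address pattern with D so "$" cannot match before
// a trailing newline, and a case-insensitive prefix comparison.
function accepted_strict(string $raw): bool
{
    $email = trim($raw);
    return preg_match(ADDRESS_RE . 'D', $email) === 1
        && strncasecmp($email, 'www.', 4) !== 0;
}

// Constructed inputs, not taken from the thread.
$samples = [
    'me@mydomain.com',
    'www.me@mydomain.com',
    'WWW.me@mydomain.com',        // upper-case prefix
    "  www.me@mydomain.com\n",    // whitespace that trim() removes
    "\x01www.me@mydomain.com",    // control character that trim() keeps
];

foreach ($samples as $raw) {
    printf(
        "%-30s as posted: %-6s strict: %s\n",
        json_encode($raw),
        accepted_as_posted($raw) ? 'accept' : 'reject',
        accepted_strict($raw) ? 'accept' : 'reject'
    );
}
```

Of these samples, only the upper-case prefix is treated differently by the two functions; the control-character sample is rejected by the address pattern in both.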