|
|
Posted by Rik Wasmus on 02/01/08 18:01
On Fri, 01 Feb 2008 18:36:54 +0100, k3pp0 <upthekhyber@gmail.com> wrote:
> Hello,
>
> I have a registering form with the input fields for realname (two
> seperate fields for surname and forename), username, password,
> password again and email.
>
> I want to check each each input field and redirect to another page
> when all the fields are valid. If not, the form should show up again,
> with all the invalid input fields highlighted and with the adequate
> error messages displayed.
>
> Therefor, I write a function for every input field, that checks the
> validity of it.
> I thought I'd do that with regexp/preg_match, but I'm a big newbee...
>
> I already found a quite good solution for the email field (http://
> www.ilovejackdaniels.com/php/email-address-validation), what do you
> think about it?
Better then most, not entirely correct yet. See if you can Friedl's regex
for email validation, it's a few pages long. However, being more
'allowable' for email addresses usually does the trick. Just make sure no
header injection is done & there's only 1 @ present.
> So, what I still need, are the validation functions (regexps) for the
> surname, forename, username, password an the second password.
>
> The realname (surname/forename) should only contain all letters (also
> special characters like an umlaut, ´, ` and all that kind of stuff), a
> "-" and a space.
'That kind of stuff' doesn't cut it in regexes. What kind of stuff?
With a proper locale you can use \w for the letter, else use utf-8 mode
and something like \p{L}. You do have to define what 'other' stuff is and
put that into a character class. Personnaly, I usually trust people who
have entered their name to be correct, and I'd just use /\S+/ (meaning: at
least one character that is not whitespace). /\w+/ is also an option.
> The username should only consist of letters (no special characters),
> numbers, "_" and "-" (or do you guys suggest any other allowed
> characters?).
I'd suggest _all_, I don't care it someone chooses a weird username,
allthough I'd probably limit it to a certain length.
Your suggestion would be: /^[a-z0-9_-]+$/i, mine would be /^.{1,16}$/s
(limited from 1 to 16 chars here).
> For the password, I guess I should allow every possible combination
> and check for a minimum lenght...
Yup, /^.{8,*}$/s, and only store some hash of the (md5()/sha1() etc.).
On a side note: I'd use trim() on all strings before matching.
--
Rik Wasmus
Navigation:
[Reply to this message]
|