Posted by shimmyshack on 09/10/07 21:31

On Sep 10, 4:40 pm, "Peter" <Will_Bounce_So_Use_My_First_N...@Smart-
Projects.net> wrote:
> >> eregi_replace( '[^a-zA-Z0-9'\-]', '', $_POST['input1'] );
>
> So does this replace everything between
> a - z
> A - Z
> 0 - 9
> ?
>
> How can I include to allow an underscore and a dash ?

you could use ereg_replace (eregi_replace is case insensitive so we
neednt use a-z AND A-Z)
the idea is that you always whitelist characters you are prepared to
accept.
[a-z] is a character range, as is A-Z and 0-9 (you could list them
each individually as well sa in ' and -)
some characters have special meaning inside [] like - which denotes a
range, so its escaped with \
the ^ has a meanings inside and out outside
^[a-z]
it means that the string must start with something in the rnage a-z
whereas
[^a-z] means
the first chracter must NOT be in the range.

so

[^a-zA-Z0-9'\-]
means is anything which is NOT in the ranges denoted.
you can include more using
[^a-zA-Z0-9'\-_]

and by also using their hex equivalents for spacial chars, however
some have special meaning like * so they have to be escaped.

[Back to original message]