0

Hi guys, I was wondering how I could build a regExp that says:

"this string may contain 1-25 letters that are not these specific words": "root", "bin", "download", "shutdown"

So I thought:

$dang_words="/(root)|(bin)|(shutdown)|(download)/";
$reg_exp="/^[a-z]{1,25}$/";

if(preg_match($reg_exp,$field) || !preg_match($dang_words,$field))
{
 echo "your input it's okkk!";
}
else 
 echo "this is a bad word!!";

But it's not working

why?

thanks

Luca

3
  • Do you mean that the string must not be one of the bad words or must not contain one of the bad words? So, would rubinia be allowed or not? Commented Feb 24, 2011 at 18:05
  • Just change || to && in your if. Commented Feb 24, 2011 at 18:07
  • I just want to allow alphabet letters but don't want any dangerous word! Commented Feb 24, 2011 at 18:52

3 Answers

5
$dangerous_words="/(root)|(bin)|(shutdown)|(download)/";
$reg_exp="/^[a-z]{1,25}$/";

if(preg_match($reg_exp,strtolower(trim($field))) && !preg_match($dangerous_words,strtolower(trim($field))))
{
 echo "your input it's okkk!";
}
else 
 echo "this is a bad word!!";

You have your logical operators messed up.. Just changed from || to &&.


4

Close... Try this:

/^(?!.*(root|bin|shutdown|download))[a-z]{1,25}$/

It uses a forward assertion

So, it becomes:

if (preg_match('/^(?!.*(root|bin|shutdown|download))[a-z]{1,25}$/', $content)) {
    echo "Your input is ok";
} else {
    echo "there is a bad word/invalid content";
}

3 Comments

Care to explain the -1? It works in one regex instead of two...?
I guess it depends on the interpretation of his intent. Your single regex is different than the combination of his 2 regexes. Yours only flags the string as bad if the string is an exact match for one of the bad words. His method flags the string as bad if the string contains one of the bad words anywhere in the string.
@brett: thanks, I didn't realize that. But knowing that now, I can fix that problem ;-)
0

I think your issue lies with all the ( ). In some old code I created a while ago I used this:

$stopInjectionVerbs = "/(alter|begin|cast|convert|create|cursor|declare|delete|drop|end|exec|fetch|insert|kill|open|select|sys|table|update)/";
$errors = array();

if (preg_match($stopInjectionVerbs, $select)) {
    $errors[] = "Can not use SQL injection Strings";
}

This all works correctly. Have a go without the brackets around each individual word.

1 Comment

I just tested against('root') without all those brackets.. and it still says "your input it's ok!!!"
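Added example, not part of the original thread: a side-by-side run of the question's `||` condition, the `&&` fix from the first answer, and the single-pattern lookahead from the second answer, over constructed inputs. The helper names `check_or`, `check_and` and `check_single` are hypothetical, and `check_single` swaps the final `$` for `\z` as an assumption about what a strict validator wants.

```php
<?php
// Added example: compares the checks discussed in this thread.
// Function names and sample inputs are constructed for illustration.

const BAD   = '/root|bin|shutdown|download/'; // word list from the question
const SHAPE = '/^[a-z]{1,25}$/';              // shape pattern from the question

// The question's condition: accepts when EITHER test passes,
// so any all-lowercase bad word is accepted by the shape test alone.
function check_or(string $s): bool {
    return preg_match(SHAPE, $s) || !preg_match(BAD, $s);
}

// First answer: BOTH tests must pass.
function check_and(string $s): bool {
    return preg_match(SHAPE, $s) && !preg_match(BAD, $s);
}

// Second answer's single pattern, with \z (absolute end of subject)
// in place of $ so a trailing newline is not tolerated.
function check_single(string $s): bool {
    $re = '/^(?!.*(?:root|bin|shutdown|download))[a-z]{1,25}\z/';
    return preg_match($re, $s) === 1;
}

// Constructed inputs: a clean value, an exact bad word, a bad word as a
// substring, mixed case, non-letters, and a value with a trailing newline.
$samples = ['luca', 'root', 'rubinia', 'Root', 'abc123', "luca\n"];

printf("%-12s %-6s %-6s %-6s\n", 'input', '||', '&&', 'single');
foreach ($samples as $s) {
    printf(
        "%-12s %-6s %-6s %-6s\n",
        json_encode($s),                       // shows the newline as \n
        var_export(check_or($s), true),
        var_export(check_and($s), true),
        var_export(check_single($s), true)
    );
}
```

Without the `D` modifier, `$` in PCRE also matches just before a trailing newline, which is why the two-pattern checks accept `"luca\n"` while the `\z` variant rejects it.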
