PHP regular expression to verify common special characters

WBOY
Release: 2023-06-24 15:28:02
Original
1493 people have browsed it

Special characters commonly used in PHP regular expression verification

In programming, we often need to verify the data entered by the user. In PHP, regular expressions can easily meet this need. However, due to the wide variety of data entered by users, sometimes we need to pay special attention to the verification of special characters to ensure the validity and security of the data.

The range of special characters is very wide, such as HTML tags, URL addresses, XML tags, SQL statements, etc. are all special characters. These characters may affect the execution of the program, or be improperly exploited to cause security vulnerabilities. Therefore, we need to know the commonly used special characters and use PHP regular expressions for verification.

  1. HTML tag

HTML tag is an essential element in a web page. However, if not properly filtered, these tags can also be exploited for attacks. PHP regular expressions can be used to validate and sanitize HTML tags. For example, the following regular expression can verify whether the HTML tag is included:

if (preg_match('/<(.*)>.*</>|<(.*) />/', $string)) {
    echo "包含HTML标记";
} else {
    echo "没有包含HTML标记";
}
Copy after login

In the above regular expression, represents the match within the first parenthesis in the regular expression, indicates the match within the second parentheses.

  1. Alphanumeric characters

Alphanumeric characters are strings of letters and numbers. In some scenarios, only alphanumeric characters are allowed. In this case, we can use the following regular expression for verification:

if (preg_match('/^[a-zA-Z0-9]+$/', $string)) {
    echo "是字母数字字符";
} else {
    echo "不是字母数字字符";
}
Copy after login

In the above regular expression, ^ represents the beginning of the string. $ represents the end of the string, [a-zA-Z0-9] represents matching any letter or number.

  1. URL address

In applications, it is often necessary to verify the URL address entered by the user. Use the following regular expression to verify the format of the URL address:

if (preg_match('/^http://[a-zA-Z0-9-.]+.[a-zA-Z]{2,3}(/S*)?$/', $url)) {
    echo "URL地址格式正确";
} else {
    echo "URL地址格式错误";
}
Copy after login

In the above regular expression, ^ represents the beginning of the string, and $ represents the end of the string. ; http:// means matching the string starting with "http://"; [a-zA-Z0-9-.] means matching any letter, number, Horizontal line or period, and the number is at least 1; [a-zA-Z]{2,3} means matching any two or three letters; (/S*)? means matching a slash followed by any number of non-empty characters. This part is optional.

  1. XML tag

In an XML document, the tag and its content are presented in a certain format. You can use the following regular expression to verify whether the format of the XML tag is correct:

if (preg_match('/^<([^/]+?)>.*</>$/', $xml)) {
    echo "XML标签格式正确";
} else {
    echo "XML标签格式错误";
}
Copy after login

In the above regular expression, ^ represents the beginning of the string, and $ represents the string at the end, <([^/] ?)> means matching any non-slash character, and parentheses means taking this part as the first match and recording it; .* means matching any number of characters; </ > means matching the string matched by the first match.

  1. SQL injection attack

SQL injection attack is a common network attack method. The attacker injects SQL statements into the application, allowing the application to execute malicious operate. Use the following regular expression to filter user-entered data to prevent SQL injection attacks:

function filter_sql($string) {
    // 去除SQL关键字
    $string = preg_replace('/(SELECT|UPDATE|DELETE|DROP|INSERT|ALTER)/i', "", $string);

    // 去除单引号
    $string = str_replace("'", "", $string);

    return $string;
}
Copy after login

In the above regular expression, represents the word boundary, (SELECT|UPDATE| DELETE|DROP|INSERT|ALTER) means matching these keywords, i means it is not case sensitive.

When writing applications, we need to consider the diversity and security of data. It is very necessary to use PHP regular expressions to verify and clean user-entered data. Through the above examples, we can see that PHP regular expressions are very powerful and flexible, can be applied in various scenarios, and help us ensure the security and reliability of applications.

The above is the detailed content of PHP regular expression to verify common special characters. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template