Checking String for illegal characters using regular expression

1
votes

I want to check a for any illegal character using the following regular expression in PHP. Essentially, I want to allow only alphanumeric and underscore (_). Unfortunately the follow piece of code does not seem to work properly. It should return true if there is any illegal character in the string $username. However, it still allows any character in the string. Any idea what is wrong with the regular expression?

if ( !preg_match("/^[-a-z0-9_]/i", $username) )
{
    return true;
}

Thanks in advance.

5
phpregex

5 Answers

15
votes

Your code checks to see if the first character is not valid. To check to see if any invalid characters exist, negate your character class rather than the function return and remove the anchor:

if ( preg_match("/[^-a-z0-9_]/i", $username) )
{
    return true;
}

You could also, of course, shorten it to /[^-\w]/ ("word" characters are letters, numbers, and the underscore), or even just /\W/ if you don't want to allow dashes.

2
votes

If $username only has alphanumeric and underscore it will return TRUE

if (preg_match("/^[a-z0-9_]+$/i", $username) )
{
    return true;
}
1
votes

Your expression matches only 1 character. Try /^[-a-z0-9_]+$/i the '+' matches more then 1 character and the '$' is the end of line anchor

1
votes

You need to anchor it at the end too, instead of just checking the first character. Try "/^[-a-z0-9_]*$/i" instead.

0
votes

You have no repeater for one. You need a repeater such as +. As far as I can see without executing it, you check start of line and one character matching a-zA-Z0-9 and _ but nothing following that first character.