I'm pretty new to regular expressions, and MAN do they give me a headache. They are so intimidating! For an email campaign I'm doing, a user will click a link out of the email with a few URL parameters filled in for them, to make filling out a form easier. I want to prevent any injection hacks or whatever it's called, but need to allow the $_GET parameters to be alphanumeric, have punctuation, and have spaces. If someone has a good method for this, I'd appreciate it, but right now I have:

foreach($_GET as $m=>$n) {
    $get[$m] = preg_replace('(^[a-z0-9 \-\_\.]+)i',' ',$n);
}

I would like to be able to replace all characters NOT found with this regular expression, which I believe I use ?!, but I can't get that to work either. Any help in getting this to work would be appreciated!

A: 

The ^ character lives within the square brackets. So your code should be:

$get[$m] = preg_replace('([^a-z0-9 \-\_\.]+)i',' ',$n);
BoltClock
Thanks for the syntax tip, but this still doesn't achieve what I am hoping to figure out.
bccarlso
A: 

You are missing delimiters and also you should put the + out of the ending bracket ]

foreach($_GET as $m=>$n) {
    $get[$m] = preg_replace("/[^a-zA-Z0-9 \-\_\.]+/"," ",$n);
}

Or:

foreach($_GET as $m=>$n) {
    $get[$m] = preg_replace("#[^a-zA-Z0-9 \-\_\.]+#"," ",$n);
}
Sarfraz
Thanks, I'll put delimiters in, but I still need to figure out how to allow for alphanumeric, punctuation, and spaces.
bccarlso
This actually works for the most part, I just need to manually guess which characters will be used in the $_GET data and hope I don't miss any. Thanks!
bccarlso
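
An added example (not code from either answer) of the allow-list approach above, extended so the allowed set does not have to be guessed character by character: it uses PCRE Unicode classes for letters, digits and punctuation, and HTML-encodes each value when the form is prefilled. The function name `clean_param`, the 200-character cap and the sample query string are assumptions made for illustration.

```php
<?php
// Added example, not code from the answers above. clean_param(), the
// 200-character cap and the sample query string are assumptions.

function clean_param($value, int $maxLen = 200): string
{
    // ?name[]=x turns $_GET['name'] into an array; accept strings only.
    if (!is_string($value)) {
        return '';
    }
    // With /u the classes are Unicode-aware: \p{L} letters, \p{N} digits,
    // \p{P} punctuation. Each run of anything else becomes one space.
    $clean = preg_replace('/[^\p{L}\p{N}\p{P} ]+/u', ' ', $value);
    // preg_replace() returns null when the input is not valid UTF-8.
    if ($clean === null) {
        return '';
    }
    // Truncate on a character boundary, not a byte boundary.
    preg_match('/^.{0,' . $maxLen . '}/us', trim($clean), $m);
    return $m[0];
}

// Constructed sample standing in for $_GET from the e-mail link.
parse_str('name=Zo%C3%AB+O%27Brien&city=%3Cb%3EOslo%3C%2Fb%3E%00&tags[]=x&bad=%FF', $sample);

$get = [];
foreach ($sample as $key => $value) {
    $get[$key] = clean_param($value);
}

// \p{P} still admits " ' and &, so encode for the HTML context on output.
foreach ($get as $key => $value) {
    printf(
        "<input name=\"%s\" value=\"%s\">\n",
        htmlspecialchars($key, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}
```

The character filter narrows what reaches the form, but the `htmlspecialchars()` call at output is what keeps a value such as `O'Brien` from breaking out of the attribute; values headed for SQL or a shell need the encoding or parameter binding of that context instead.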