Checking String for illegal characters using regular expression

Question

Dear all.

I want to check a for any illegal character using the following regular expression in PHP. Essentially, I want to allow only alphanumeric and underscore (_). Unfortunately the follow piece of code does not seem to work properly. It should return true if there is any illegal character in the string $username. However, it still allows any character in the string. Any idea what is wrong with the regular expression?

if ( !preg_match("/^[-a-z0-9_]/i", $username) )
{
    return true;
}

Thanks in advance.

Answer 1

Your code checks to see if the first character is not valid. To check to see if any invalid characters exist, negate your character class rather than the function return and remove the anchor:

if ( preg_match("/[^-a-z0-9_]/i", $username) )
{
    return true;
}

You could also, of course, shorten it to /[^-\w]/ ("word" characters are letters, numbers, and the underscore), or even just /\W/ if you don't want to allow dashes.

Answer 2

Your expression matches only 1 character. Try /^[-a-z0-9_]+$/i the '+' matches more then 1 character and the '$' is the end of line anchor

Answer 3

You need to anchor it at the end too, instead of just checking the first character. Try "/^[-a-z0-9_]*$/i" instead.

Answer 4

You have no repeater for one. You need a repeater such as +. As far as I can see without executing it, you check start of line and one character matching a-zA-Z0-9 and _ but nothing following that first character.

Answer 5

if $username only has alphanum and underscore it will return TRUE

if (preg_match("/^[a-z0-9_]+$/i", $username) )
{
    return true;
}