0

I am using this preg_match value to verify that the input into the server is clean from all sorts of malicious characters.

preg_match('/^[a-zA-Z)(\!@&,0-9\?_\-\.\s\*&\$\r\n]{0,'. $str_length.'}$/',$_POST['text'])

If there's no match I return false, and the server won't accept it. I would like to add links to that input, so that I can get:

"hello there, this is my picture: http://myserver.com/imgs/user-images/user222.jpg 
and this is my dog http://myserver.com/imgs/user-images/user222-dog.jpg"

How can I add links to my input?

1
  • According to your regex all you are doing is checking the first character only. Unless you are missing part of your regex, which it seems you are as you don't have an ending delimiter or closing quote. Commented Feb 1, 2013 at 10:47

1 Answer

2

I think you should rather use something like htmlentities and your RDBMS library tools to avoid malicious characters rather than implement your own regex. Yours seems very restrictive: no + sign, no colon, no semi-colon, no percent... I don't know what your application is, but users might dislike that.


1 Comment

I'll be very grateful if you could explain a bit more on how to do this right, I just wrote another question: This question
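
One way to apply what the answer suggests, as an added example that is not part of the original answer or comments: store the text through a PDO prepared statement, encode it with htmlspecialchars only when rendering, and turn http(s) URLs into links at that point. The helper names `save_post` and `render_post`, the `posts` table, the 500-byte limit and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: store the text exactly as typed. The bound parameter
// keeps it out of the SQL syntax, so no character blacklist is needed.
function save_post(PDO $db, string $text, int $maxLength): bool
{
    if (strlen($text) > $maxLength) {
        return false; // keep the length limit from the original regex
    }
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    return $stmt->execute([':body' => $text]);
}

// Hypothetical helper: encode at output time and turn http(s) URLs into links.
function render_post(string $text): string
{
    // With one capture group, odd indexes of the result are the URLs.
    $parts = preg_split('~(https?://[^\s<>"\']+)~i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        $parts = [$text]; // regex failure: render everything as plain text
    }
    $html = '';
    foreach ($parts as $i => $part) {
        $enc = htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= ($i % 2 === 1)
            ? '<a href="' . $enc . '" rel="nofollow noopener">' . $enc . '</a>'
            : $enc;
    }
    return nl2br($html);
}

// Constructed demo: in-memory SQLite table named "posts" (an assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input with characters the regex rejects, plus markup and a quote.
$input = "50% off; O'Neil + <b>me</b>: http://myserver.com/imgs/user-images/user222.jpg\n"
       . "and this is my dog http://myserver.com/imgs/user-images/user222-dog.jpg";

save_post($db, $input, 500);
$body = $db->query('SELECT body FROM posts ORDER BY id DESC LIMIT 1')->fetchColumn();
echo render_post($body), PHP_EOL;
```

Because only `http://` and `https://` prefixes are matched, other schemes stay plain encoded text, and the `<b>` markup in the sample is displayed literally instead of being interpreted by the browser.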
