Reading your other post, I think what you REALLY want to do is throw away an
variable that contains non-numeric values... Since you only want numbers,
then everything else must be a mistake, or an attack.
take the URL blah.php?foo=45&bah=hekygu
if(in_numeric($_GET['foo']))
{
// do stuff
}
else
{
unset($_GET['foo'])
}
if(in_numeric($_GET['bah']))
{
// do stuff
}
else
{
unset($_GET['bah'])
}
A LOT quicker than regexp, and you're changing the question from "i want to
strip this stuff out" to "i want to keep this stuff in", which is a lot
safer than trying to imagine everything a hacker might try... a good rule to
live by, even if it's not totally needed in this case.
Justin French
on 15/11/02 1:32 AM, CJ ([EMAIL PROTECTED]) wrote:
> I want to scan the variables passed from teh url of my script for non alpha
> characters. The variables should only consist of a-z A-Z 0-9 and spaces,
> full stops and commas (Basically I don't want scripts to be passed via the
> variable to the server)
>
> I've used perl a long time ago and its regular expressions seemed ideal for
> this kind of thing. Can enybody suggest a scrip to remove unwanted
> characters from my variable?
>
>
Justin French
--------------------
http://Indent.com.au
Web Developent &
Graphic Design
--------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
