PHP - folksonomy tag checking regex

Question

I'm trying to create a regex for checking values of submitted tags for a free form folksonomy system. Here is what I have now.

if (!preg_match('/([^-\\a-zA-Z0-9._@\'])+/',$proposedtag)) {
    //true, good
    return true;
} else {
    //false, bad characters
    return false;
}

I want to allow: hyphen, backslash, forward slash, a-z, A-Z, 0-9, period, underscore, at sign, and single quote mark, and disallow all others.

I'm pretty sure a negated character class is the way to go on this...

However my code above seems to allow other characters (such as +), and I'm not sure why. Also as a sidenote, I'm not sure if I'm making sure I don't inadvertently allow SQL injections. Any tips?

score 2 · Accepted Answer · answered Aug 07 '09 at 23:24

2

I believe it's an escaping issue with the backslash characters inside your character class. Try this instead, it seems to work better on the tests I fed it. Note the double-escaping on the backslashes (which I moved to the end):

if (!preg_match('/([^\-a-zA-Z0-9._@\'\\\\])+/',$proposedtag)) {

answered Aug 07 '09 at 23:24

zombat

92,731
24
156
164

This is working for me so far. However I did modify it to this: '/([^\-\/a-zA-Z0-9\._@\'\\\\])+/' to include the forward slash. – jjclarkson Aug 07 '09 at 23:31

PHP - folksonomy tag checking regex

1 Answers1