|
Training, Open Source Computer Languages |
| Home | Accessibility | Courses | Diary | The Mouth | Forum | Resources | Site Map | About Us | Contact |
|
Don't expose your regular expressions
If you're writing an application, it's generally NOT a good idea to take a user input and slap it straight in to a regular expression for matching - quite simply because it's improbable that your user will be familiar with regular expressions and he / she will get all sorts of strange results if she / he puts any special characters into their search string. Users do often require to enter various search patterns, and I recommend that you come up with a scheme that suits your own type of search; that might involve taking the user's input and using it to indirectly for a regular expression, or it might make for some totally different search. I was talking about this yesterday to a Perl group, with a user community that's used to using * and ? in file name matching (know as globbing) and who want to do the same on data within Perl. It's a good example where the program shouldn't just pass through the data entered - rather, they should 1. Protect input special characters with a \ 2. replace input ? characters with a . 3. replace input * characters with a .* 4. Add ^ and $ anchors And that will give them the ability to wildcard in the good ole way they wish! (written 2006-02-15 07:00:34) Associated topics are indexed under H107 - String Handling in PHP[2629] Curly braces within double quoted strings in PHP - (2010-02-09) [2238] Handling nasty characters - Perl, PHP, Python, Tcl, Lua - (2009-06-14) [2165] Making Regular Expressions easy to read and maintain - (2009-05-10) [2046] Finding variations on a surname - (2009-02-17) [1799] Regular Expressions in PHP - (2008-09-16) [1613] Regular expression for 6 digits OR 25 digits - (2008-04-16) [1603] Do not SHOUT and do not whisper - (2008-04-06) [1533] Short and sweet and sticky - PHP form input - (2008-02-06) [1372] A taster PHP expression ... - (2007-09-30) [1336] Ignore case in Regular Expression - (2007-09-08) [1195] Regular Express Primer - (2007-05-20) [1058] PHP Regular expression to extrtact link and text - (2007-01-31) [1008] Date conversion - PHP - (2006-12-26) [728] Looking ahead and behind in a Regular Expression - (2006-05-22) [716] Evaluating arithmetic expressions in configuration files - (2006-05-10) [642] How similar are two words - (2006-03-11) [589] Robust PHP user inputs - (2006-02-03) [574] PHP - dividing a string up into pieces - (2006-01-23) [560] The fencepost problem - (2006-01-10) [558] Converting between acres and hectares - (2006-01-08) [493] Running a Perl script within a PHP page - (2005-11-12) [463] Splitting the difference - (2005-10-13) [422] PHP Magic Quotes - (2005-08-22) [337] the array returned by preg_match_all - (2005-06-06) [54] PHP and natural sorting - (2004-09-19) [31] Here documents - (2004-08-28) P212 - Perl - More on Character Strings [2657] Want to do a big batch edit? Nothing beats Perl! - (2010-03-01) [2379] Making variables persistant, pretending a database is a variable and other Perl tricks - (2009-08-27) [2230] Running a piece of code is like drinking a pint of beer - (2009-06-11) [1947] Perl substitute - the e modifier - (2008-12-16) [1735] Finding words and work boundaries (MySQL, Perl, PHP) - (2008-08-03) [1727] Equality and looks like tests - Perl - (2008-07-29) [1510] Handling Binary data (.gif file example) in Perl - (2008-01-17) [1305] Regular expressions made easy - building from components - (2007-08-16) [1251] Substitute operator / modifiers in Perl - (2007-06-28) [1230] Commenting a Perl Regular Expression - (2007-06-12) [1222] Perl, the substitute operator s - (2007-06-08) [943] Matching within multiline strings, and ignoring case in regular expressions - (2006-11-25) [928] C++ and Perl - why did they do it THAT way? - (2006-11-16) [737] Coloured text in a terminal from Perl - (2006-05-29) [597] Storing a regular expression in a perl variable - (2006-02-09) [586] Perl Regular Expressions - finding the position and length of the match - (2006-02-02) [583] Remember to process blank lines - (2006-01-31) [453] Commenting Perl regular expressions - (2005-09-30)
Some other Articles
Coming or going?Look out for the motor cyclist Need a hankie Been on a course, but still not got it? Don't expose your regular expressions On being British Train service from December Design your day with a walk Perl - multiprocess applications PHP - setting sort order with an associative array |
2677 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54 at 50 posts per pageThis is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
PH: 01144 1225 708225 • FAX: 01144 1225 344596 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho