سؤال
I need to check if the passwords ONLY contain ENGLISH numbers and letters. I use the following regular expression:
https://stackoverflow.com/questions/20304131
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianif (!preg_match("^[A-Za-z0-9 _]*$^", $_POST['password']))
{
// show error
}
{
but this does not work and allows other languages characters without stopping the submission. what is the problem?
المحلول
Remove the ^ at the end of the preg_match. ^ means (if found as the first character) beginning, if it is a the end, it has the meaning that the character ^ should be present but because $ appears before it, its meaning is confusing and could mean several thing, the most "possible" one is after the end the character ^.
Use regexpal.com to test your regular expression.
Actually I would change it to this:
if (preg_match("[^A-Za-z0-9 _]", $_POST['password']))
{
// invalid character
}
نصائح أخرى
There is no such thing as an "ENGLISH" number or letter. Many languages are (or can be) written using the same alphabet as English. It is usually called the Latin alphabet.
If you really only want to accept Latin alphanumeric characters, use:
if preg_match("/^[a-zA-Z0-9]+$/", $_POST['password']) {
//good to go
} else {
//I don't like this password
}
Your original regex has an extra trailing ^, and it allows spaces and underscores. Do you want those characters to be allowed as well? If so, use ^[\w ]+$.
However, if you are doing this to limit the characters that passwords can consist of, have you stopped to think about what you're doing? Limiting the set of characters that you accept for passwords dramatically reduces their strength. You should allow the widest possible range of characters to allow users to choose strong passwords.
If you are checking to detect weak passwords, please disregard. However, there are other factors you should consider like length and the presence of dictionary words. See this answer for some excellent detail.
On a related note, are you storing your users' passwords in a hashed form? That is an absolute necessity.
Try
preg_match('/^[\w]+$/', $_POST['password'] ) instead !
Alternative :
preg_match("/^[a-zA-Z0-9]+$/", $_POST['password'])
preg_match() and the like use a delimiter set in the first character. This will end the regex, after which the string has to end or may specify modifiers only.
Thus your code should be e.g.
if (!preg_match('`^[A-Za-z0-9 _]+$`', $_POST['password']))
{
// show error
}
{
You were using ^ as a delimiter but should use it to cause your regex to match from string start, therefore I use the backtick ` as it is rarely used in a string (others would use /).
Additionally, use single quotes because double quotes " allow dollar-variable references, but you want $ to denote the end of the password to match against.
One more thing: Matching [...]* would also allow empty passwords which you should not encourage, therefore + (although it is debatable if you would rather have passwords with at least n characters, i.e. matching using [...]{n,}).
