I have a tcl variable $value that is being passed through a hidden input

Question

0

Asked: June 4, 20262026-06-04T11:58:48+00:00 2026-06-04T11:58:48+00:00

I have a tcl variable $value that is being passed through a hidden input

0

I have a tcl variable $value that is being passed through a hidden input field.
What would be a good regular expression to get it checked for an SQL injection.

I would want it to allow only numbers in case.

I would want it to allow only characters in another case.

And numbers and characters both in another case.

In all 3 cases I do not want any special chracters to be included

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T11:58:50+00:00

switch $case {
  case1 {set regex {^[[:digit:]]+$}}
  case2 {set regex {^[[:alpha:]]+$}}
  case3 {set regex {^[[:alnum:][:space:]]+$}}
  default {error "what case is this?"}
}
if {! [regexp $regex $value]} {
  error "invalid value: value"
}

To remove non-matching chars

switch $case {
  case1 {set regex {\D}}
  case2 {set regex {[^[:alpha:]]}}
  case3 {set regex {[^[:alnum:][:space:]]}}
}
set safe_value [regsub -all $regex $value ""]

See Tcl man pages for regexp, regsub, and re_syntax

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a tcl variable $value that is being passed through a hidden input

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply