This is the function I have that checks if the entered security question and/or answer contain malicious characters:
function validate_input($field) {
    $ErrorMessage = "";
    $field = preg_replace("/[\s]+is/", '', $field);
    // Hyphen moved to the end of the class so it is a literal '-' rather than
    // the range operator (a range ending in \s is an error under PCRE2, PHP >= 7.3).
    if (preg_match("/^[A-Za-z0-9'?!\s-]+$/", $field) === 0) {
        // Escape the rejected value before echoing it back into HTML, otherwise the
        // error message itself reflects arbitrary user input into the page.
        $ErrorMessage .= "<div class='error_message'>Potentially malicious characters found in:<i> "
            . htmlspecialchars($field, ENT_QUOTES, 'UTF-8')
            . ",</i> please enter only alphanumeric characters</div><br/>";
    }
    return $ErrorMessage;
}
When I enter something like "What's up?" for the question, it comes back with an error. When I do a var_dump on $field it comes back as "What\'s up?".
So how can I include the forward slash as an acceptable character?
It would seem that you have the "magic quotes" feature of PHP active, which shouldn't be, for security reasons: all the escaping of user-inserted data should be done by your own code.
Anyway, if you want to keep things as they are now, replace your
with
The quadruple \ is there because you need to escape it twice: once for being in a string delimited with double quotes and once for being in a regex.
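The following is an added example, not the code of the asker or the answerer, showing both points of the answer side by side: undoing magic-quote escaping before validation (the preferred fix), and the alternative of letting the pattern accept a literal backslash, written as "\\\\" so it survives both the double-quoted PHP string and the regex. The helper name undo_magic_quotes and the $allow_backslash parameter are assumptions made for this example; the sample inputs are constructed. Note that magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0, so the helper is guarded and becomes a no-op on current versions.

```php
<?php
// Added example (not from the original question or answer).

// Assumed helper: reverse magic_quotes_gpc escaping when it is active, so the
// validator sees the same text the user typed. On PHP >= 5.4 the feature is gone
// and this simply returns the input unchanged.
function undo_magic_quotes(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Validator with an assumed $allow_backslash switch demonstrating the answer's
// "quadruple backslash" pattern. The hyphen is placed last in the class so it is
// a literal '-' (PCRE2, used since PHP 7.3, rejects a range ending in \s).
function validate_input(string $field, bool $allow_backslash = false): string {
    $pattern = $allow_backslash
        // "\\\\" in the PHP string becomes \\ in the regex, i.e. one literal backslash.
        ? "/^[A-Za-z0-9'?!\\\\\s-]+$/"
        : "/^[A-Za-z0-9'?!\s-]+$/";

    if (preg_match($pattern, $field) !== 1) {
        // Always HTML-escape the user value before reflecting it into the page.
        return "<div class='error_message'>Potentially malicious characters found in: <i>"
            . htmlspecialchars($field, ENT_QUOTES, 'UTF-8')
            . "</i>, please enter only alphanumeric characters</div><br/>";
    }
    return '';
}

// Constructed inputs: what the user typed, and what magic quotes turns it into
// (the "What\'s up?" the asker saw in var_dump).
$raw     = "What's up?";
$escaped = "What\\'s up?";

var_dump(validate_input($raw) === '');                        // true: the typed text passes
var_dump(validate_input($escaped) === '');                    // false: the injected backslash is rejected
var_dump(validate_input($escaped, true) === '');              // true: pattern extended to accept backslash
var_dump(validate_input(stripslashes($escaped)) === '');      // true: preferred fix, unescape first
var_dump(validate_input(undo_magic_quotes($raw)) === '');     // true: helper is a no-op without magic quotes
var_dump(validate_input("<script>alert(1)</script>") === ''); // false, and the echoed value is escaped
```

The stripslashes route is the one to prefer: it removes the escaping that should never have been applied, so the regex can stay strict and the stored answer is the text the user actually entered rather than a backslash-decorated copy of it.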