Is preg_match safe enough for input sanitization?

Posted by DaNieL on Stack Overflow
Published on 2010-04-12T14:38:14Z Indexed on 2010/04/12 14:43 UTC

I'm building a new web app in a LAMP environment... I'm wondering if preg_match can be trusted for user input validation (+ prepared statements, of course) for all the text-based fields (i.e. not HTML fields: phone, name, surname, etc.).

For example, for a classic 'email field', if I check the input like:

$email_pattern = "/^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)" .
    "|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}" .
    "|[0-9]{1,3})(\]?)$/";

// read the field defensively so a missing key does not raise a notice
$email = (string) ($_POST['email'] ?? '');

// preg_match returns 1 on a match, 0 on no match and false on error,
// so compare strictly to 1 and fail closed on anything else
if (preg_match($email_pattern, $email) === 1) {
    // go on, prepare stmt, execute, etc...
} else {
    // email not valid! do nothing except warn the user
}

Can I sleep easy against SQL/XSS injection?

I write the regexps to be as restrictive as they can be.
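As an added example, not code from the original question or from any answer to it: the three layers the question mixes together, kept separate and run against constructed sample input. A preg_match whitelist decides whether the input has the expected shape, a prepared statement keeps the value out of the SQL text regardless of what the regex allowed, and output encoding keeps it out of the HTML markup. It assumes PHP 7.4 or later with the pdo_sqlite extension; the users table, the name whitelist and the sample submissions are invented for this example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original question.
// Three separate layers: (1) whitelist validation with preg_match,
// (2) a prepared statement for storage, (3) output encoding for HTML.
// Assumptions: PHP 7.4+ with pdo_sqlite; the "users" table and the
// name whitelist below are invented for this example.

// The email pattern from the question, with the D modifier added:
// PCRE's "$" also matches just before a final newline, so without D
// an input such as "a@b.com\n" passes the check.
const EMAIL_PATTERN = '/^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)'
    . '|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/D';

// An assumed "name" whitelist: letters, space, hyphen and apostrophe.
// The apostrophe is allowed on purpose: names like O'Brien are legitimate,
// and it is exactly the character that breaks a single-quoted SQL literal
// or HTML attribute when it is not escaped.
const NAME_PATTERN = '/^[\p{L} \'\-]{1,64}$/uD';

function isValid(string $pattern, string $value): bool
{
    // preg_match returns 1 (match), 0 (no match) or false (error, e.g.
    // invalid UTF-8 under /u, or the backtrack limit). Comparing strictly
    // to 1 fails closed in the error case.
    return preg_match($pattern, $value) === 1;
}

function storeUser(PDO $db, string $name, string $email): int
{
    // Prepared statement: the values travel separately from the SQL text,
    // so the regex is not what protects against SQL injection here.
    $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $db->lastInsertId();
}

function renderUser(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT name, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Output encoding for the HTML context. Validation happened on the way
    // in; this is a separate step on the way out, and it is what stops
    // O'Brien from closing the single-quoted attribute below.
    $name  = htmlspecialchars($row['name'],  ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $email = htmlspecialchars($row['email'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<input name='name' value='{$name}'> <a href=\"mailto:{$email}\">{$email}</a>";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample submissions standing in for $_POST.
$submissions = [
    ['name' => "Dan O'Brien",               'email' => 'dan@example.com'],   // valid, contains a quote
    ['name' => 'Eve',                       'email' => "eve@example.com\n"], // trailing newline
    ['name' => "x' OR '1'='1",              'email' => 'x@example.com'],     // "=" and digits not in whitelist
    ['name' => '<script>alert(1)</script>', 'email' => 'bob@example.com'],   // angle brackets not in whitelist
    ['name' => "\xff\xfe",                  'email' => 'bad@example.com'],   // invalid UTF-8 under /u
];

foreach ($submissions as $i => $in) {
    $okName  = isValid(NAME_PATTERN,  $in['name']);
    $okEmail = isValid(EMAIL_PATTERN, $in['email']);
    if (!$okName || !$okEmail) {
        // Reject and warn the user; do not "clean up" the value and continue.
        printf("#%d rejected (name ok: %s, email ok: %s)\n",
            $i, var_export($okName, true), var_export($okEmail, true));
        continue;
    }
    $id = storeUser($db, $in['name'], $in['email']);
    printf("#%d stored as id %d: %s\n", $i, $id, renderUser($db, $id));
}
```

Run it with `php example.php`. Two details matter in practice: the `D` modifier, because a `^...$` pattern without it accepts a value with a trailing newline, and the strict `=== 1` comparison, because preg_match returns `false` rather than `0` when it hits an error such as invalid UTF-8 under `/u`. The first submission is the one that answers the question: it passes the whitelist, and it is the prepared statement and htmlspecialchars, not the regex, that keep its apostrophe harmless in the query and in the markup.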

© Stack Overflow or respective owner
