Databases
StackOverflow2013
Postsdbo
POValidate class/method names with regex
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POValidate class/method names with regex
    text
    copied!<p>I'm currently working on an MVC Style framework for a company and for security reasons I need to make sure that the controller / method that's passed via the Query String is valid chars to the RFC (which I can't find).</p> <p>I need to be able to validate / sanitize class names according to what's allowed by the PHP interpreter</p> <p>For Example:</p> <pre><code>class SomEFunk__YClAssName extends Controller { } </code></pre> <p>I need some kind of regex that will validate <code>SomEFunk__YClAssName</code> and sanitize it if need be! This is also the same principles as methods.</p> <p>There is a few things to take into consideration such as</p> <ul> <li>Numerics at the start</li> <li>Only underscores allowed</li> <li>Certain PHP Special Chars to be allowed.</li> </ul> <p>Any information on this or possible expressions would be really helpful.</p> <p>Here is some of my Router Code so you can see where I need to implement it:</p> <pre><code>private function prepareQueryString() { if(strlen($this-&gt;query_string) == 0) { return; } //Remove [ending|starting|multiple] slashes $this-&gt;query_string = preg_replace('/^\/+|\/+$|\/(?=\/)/', '', $this-&gt;query_string); foreach(explode('/',$this-&gt;query_string) as $Key =&gt; $Value) { if($Key == 0) { $Controller = $this-&gt;AssignController($Value); } if($Key == 1) { $this-&gt;AssignMethod($Value); }else { $this-&gt;AssignParam($Value); } } //Build RouterVar stdClass } public function AssignController(String $Controller) { if(!empty($Controller)) { //Sanitize } } public function AssignMethod(String $Method) { if(!empty($Method)) { //Sanitize } } public function AssignParam(String $Param) { $this-&gt;params[] = $Param; } </code></pre> <p>You will see the comment "Sanitize" where the check is needed.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload