I am sanitizing a query using the following regex. However, I need some special characters to be allowed in the query.
In particular I need to allow: Ä, ä, Ö, ö, Ü, ü, ß
What do I need to change to achieve this?
$query = preg_replace('/[^-a-zA-Z0-9_\/]/', '', $_GET['destination']);
/[^\w-\p{L}\p{N}\p{Pd}]/
This will match anything that's NOT an alphanumeric character (including UTF-8 letters) as well as the dash (-).
Your question is really about how to support multibyte characters in preg expressions, see: