I am using preg_replace to replace any characters put in the form that I do not want, I have tried reading up on preg_replace but many of the examples I have looked at are not very clear.
In my code below I am using [^a-z etc... to say what characters are allowed and then the '' is what it should replace any characters that are not allowed with, but my code was not working so I echoed out the INSERT function which should of been entering user data into the database and most fields are being replaced with ''. Could anyone point me in the right direction?
Thanks, only the c and e variables are being inserted to database, e because it is not using preg_replace and c is a drop down list, the u p also work but everything else is replaced by ' ' for example I put the first name as joe and last name as wayne but when I look at the echo statement they are ' '
$u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = $_POST['p'];
$ln = preg_replace('#[^a-z]#i', '', $_POST['lastName']);
$fn = preg_replace('#[^a-z]#i', '', $_POST['firstName']);
$g = preg_replace('#[^a-z]#i', '', $_POST['g']);
$c = preg_replace('#[^a-z ]#i', '', $_POST['c']);
$m = preg_replace('#[^0-9]#', '', $_POST['m']);
$ci = preg_replace('#[^a-z]#i', '', $_POST['ci']);
$pc = preg_replace('#[^a-z0-9]#i', '', $_POST['pc']);
$rs = $_POST['relationshipStatus'];
$d = $_POST['d'];
The following code:
<?php
$x = "heLlo World";
$y = preg_replace('#[^a-z0-9]#i', '', $x);
echo "y=$y|";
?>
produces:
y=heLloWorld|
So your expressions look ok to me. You'll have to verify that your subjects are not empty when they get to the server end.