Roman Neuhauser wrote:
> # jochem@xxxxxxxxxxxxx / 2007-01-17 11:41:54 +0100:
>> Roman Neuhauser wrote:
>>> # jochem@xxxxxxxxxxxxx / 2007-01-17 01:42:09 +0100:
>>>> if (!preg_match("#^[A-Z0-9]+\$#i", $s)) {
>>>> (ps the above is a crappy regexp for real world use imho, but it serves
>>>> the purpose of example)
>>>
>>> It's dangerous.
>> why dangerous?
>>
>> given that this page: http://php.net/manual/en/function.ctype-alnum.php
>> says, and I quote:
>>
>> "Checks if all of the characters in the provided string, text, are
>> alphanumeric. In the standard C locale letters are just [A-Za-z] and
>> the function is equivalent to preg_match('/^[a-z0-9]+$/iD', $text).
>> "
>
> re_format(7) on FreeBSD:
>
> A bracket expression is a list of characters enclosed in `[]'.
> (...)
> If two characters in the list are separated by `-', this is
> shorthand for the full range of characters between those two
> (inclusive) in the collating sequence, e.g. `[0-9]' in ASCII
> matches any decimal digit.
> (...)
> Ranges are very collating-sequence-dependent, and portable programs
> should avoid relying on them.
one other thing ...
wouldn't it be fair to assume (safety through paranoia) that
ctype_alnum() would suffer the same problem? (given the manual's
indication that ctype_alnum() and the offending regexp are equivalent?)
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
