I am comparing inputs of different version numbers looking like so:
testname-v01.03.001.01
testname-v02.01.001.03
...
I am doing a comparison to make sure that no inputs are being maliciously entered into my textbox to harm my SQL tables.
What I am doing is something like this:
<?php
function startsWith($needle, $haystack){
    return $needle === "" || strrpos($haystack, $needle, -strlen($haystack)) !== false;
}
$reqmethod = $_SERVER["REQUEST_METHOD"];
$textInput = "";
if ($reqmethod == "GET") {
    $textInput = $_GET["my_input"];
}
$stringComparison = "v02.01.001.01";
if ($textInput != "") {
    $valid_input = startsWith("testname", $textInput); # See if text starts with version
    # if not, check if it's a partial match
    if (!$valid_input) {
        if (preg_match('/^[A-Z][0-9]+.[0-9].[0-9].[0-9]', $textInput)) {
            $textInput = "version-" . $textInput; # "." concatenates strings in PHP
        } else {
            $textInputReadOut = "BAD VALUE";
            $textInput = "";
        }
    }
}
?>
To get the preg_match to equal say v01, would I just go about that by doing something like this: [A-Z][0-9][0-9]? I have tried that but the variable returns a BAD VALUE instead.
Referenced : Checking a string against a pattern
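
An added example, not part of the original post: one way to validate these version strings with a fully anchored allow-list pattern. The `PREFIX` constant, the function name and the 2.2.3.2 digit widths (read off the two sample inputs) are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: the field widths 2.2.3.2
// come from the two sample inputs; PREFIX and normalizeVersion() are
// hypothetical names.
const PREFIX = 'testname-';

/**
 * Return the canonical "testname-vNN.NN.NNN.NN" form, or null when the input
 * is not exactly a version string (with or without the prefix).
 */
function normalizeVersion(string $input): ?string
{
    // preg_match needs both delimiters (/.../).
    // \A and \z anchor the whole string; unlike $, \z rejects a trailing "\n".
    // \. is a literal dot; a bare . would match any character.
    // The sample versions use a lowercase "v", which [A-Z] does not match.
    $pattern = '/\A(?:' . preg_quote(PREFIX, '/') . ')?(v\d{2}\.\d{2}\.\d{3}\.\d{2})\z/';

    if (preg_match($pattern, $input, $m) !== 1) {
        return null; // no match (0) or a regex error (false)
    }
    return PREFIX . $m[1];
}

// Constructed sample inputs.
$samples = [
    'testname-v01.03.001.01',    // full name
    'v02.01.001.03',             // partial: the prefix is added
    'V02.01.001.03',             // wrong case
    'v02x01y001z03',             // separators are not dots
    "v02.01.001.03\n",           // trailing newline
    "v02.01.001.03' OR '1'='1",  // extra characters after the version
    'v2.1.1.3',                  // wrong field widths
];

foreach ($samples as $s) {
    $result = normalizeVersion($s);
    printf("%-30s => %s\n", json_encode($s), $result ?? 'BAD VALUE');
}
```

Only the first two samples are accepted. Validation narrows what reaches the query; the value should still be passed to the database as a bound parameter.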