-
Mar 13th, 2004, 05:20 AM
#1
securing POST and GET using expressions
Anyone have a good preg_replace expression or even a different method of securing any variables I might want to? I'm looking to include A-Z, a-z, 0-9, and all of the SHIFT+KEY keys, and not allow any others. So, it's basically only the 'easily typable' keys.
Any help would be appreciated.. I could just make a safe array and do that, but I'm looking for a more efficient way that's only a line or two of code.
I've used this string in Perl before, but I have no idea of how to convert it over to PHP.. I tried a bit, but couldn't get it..
Code:
$str =~ s/[^A-Za-z0-9_]//gs;
-
Mar 13th, 2004, 01:35 PM
#2
Stuck in the 80s
What kind of application do you have where you'd need to do this? Just curious.
-
Mar 13th, 2004, 02:03 PM
#3
storing usernames and don't want to allow the alternate number pad ascii characters, also just want to remove evil characters from POST and GET requests.
-
Mar 15th, 2004, 08:08 AM
#4
Frenzied Member
Sorry to slightly derail this thread, but I had a similar question. Would checking for ampersands in the POST/GET array be enough in terms of a security check for user input? I mean, if a user were to try and sneak an extra variable in there, and you checked for ampersands, wouldn't that be enough to catch it?
-
Mar 15th, 2004, 12:04 PM
#5
this is what I've used for a while to clean POST and GET.. I've modified it a bit and removed some code that I'm using to clear values for member names though.
to avoid losing some of the formatting, here's the source:
http://david.gamersepitome.net/files...file=clean.php
just include it into a config file or call the config file within it and any call to a GET or POST variable will be auto-cleaned
-
Mar 15th, 2004, 12:14 PM
#6
Frenzied Member
-
Mar 25th, 2004, 03:52 PM
#7
Frenzied Member
Originally posted by kows
storing usernames and don't want to allow the alternate number pad ascii characters, also just want to remove evil characters from POST and GET requests.
if (preg_match("/[0-9a-zA-Z]/", $post)){
If it doesn't have numbers or letters then it returns false. No need to worry about the numpad.
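An added example, not part of any post in this thread: the PHP form of the Perl substitution from post #1, the wider printable-ASCII set that post asks for, and whole-string validation beside the unanchored `preg_match` from post #7. The function names, the 3-20 length limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; function names, length limits and sample inputs are constructed.

// PHP equivalent of the Perl line in post #1: drop everything outside [A-Za-z0-9_].
function strip_to_word_chars(string $s): string
{
    return preg_replace('/[^A-Za-z0-9_]/', '', $s);
}

// Post #1's wider set (letters, digits and the shifted symbols) is the
// printable ASCII range 0x21-0x7E; space (0x20) is left out here.
function strip_to_printable_ascii(string $s): string
{
    return preg_replace('/[^\x21-\x7E]/', '', $s);
}

// Validation instead of stripping. \A and \z tie the character class to the
// whole string; \z, unlike $, does not accept a trailing newline.
// Without anchors, preg_match() succeeds as soon as a single allowed
// character appears anywhere in the input.
function is_valid_username(string $s): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $s) === 1;
}

// Constructed inputs: a clean name, a high-byte character, markup, a trailing newline.
$samples = ["kows_01", "kows\x99", "a<script>", "abc\n"];

foreach ($samples as $raw) {
    printf(
        "%-12s word=%-10s printable=%-10s unanchored=%d anchored=%d\n",
        addcslashes($raw, "\0..\37\177..\377"),   // show raw bytes safely
        strip_to_word_chars($raw),
        strip_to_printable_ascii($raw),
        preg_match('/[0-9a-zA-Z]/', $raw),         // the check from post #7
        is_valid_username($raw) ? 1 : 0
    );
}
```

Only `kows_01` passes the anchored check, while the unanchored check returns 1 for all four inputs. Stripping characters this way normalizes a username; it does not replace parameterized queries or output escaping where the value is later used.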