$page = $_GET['page'];
if (isset($page))
if (!preg_match('/[\w\d_]+/i', $page))
die("Error");
I want to allow alphanum and underscore.
My above code works, but let say I set 123...
, this works too.
Is preg_match()
not able to validate trailing characters after the match?
The regex will match as long as an alphanumeric appears as a substring of $page
. Since 123...
contains the substring 123
it will pass your regex.
Use
/^\w+$/
to match the whole string. (\w
already means [a-zA-Z0-9_]
so your \d
, _
and the i
modifier are redundant.)