Sanitisation on user input using whitelist

Question

I have this code which sanitises user input on a variable called \'username\':

$username_clean = preg_replace( \"/[^a-zA-Z0-9_]/\", \"\", $_POST[\'username\'] );         


        

Answer 1

If the regex and test for failure is the same, you can write a function:

function validate($input, $input_name) {
  $clean_input = preg_replace( "/[^a-zA-Z0-9_]/", "", $input );
  if (!strlen($username_clean)){
    die("$input_name is blank!");
  }
  return $clean_input;
}
validate($_POST['username'], "Username");