Forms question

[One Bad Omen]

Hi, I've got my forms working and it goes into the database all fine but I don't know how to make it where they can only enter a-z, 0-9 and spaces. Anybody know of a simple way to validate a form with these conditions? I'm already using the mysql_real_escape_string() and strip_tags() for security but it doesn't stop people from puting in other things like *,$,!., and so on. Any help will be greatly appriciated!

[murfitUK]

Probably need to use the ereg or eregi functions. Have a look at this page:http://uk2.php.net/manual/en/function.eregi.phpCan't help more as haven't yet plucked up the courage to use it!

[justsomeguy]

It looks like you can use the strcspn function to accomplish this:http://www.php.net/manual/en/function.strcspn.php

$allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ";if (strcspn($input_string, $allowed) != 0){  //contains characters other than those in the $allowed string}else{  //only contains characters in the $allowed string}

[MoZo1]

1 more thing: with mysql_real_escape_string() and strip_tags() you can use that characters (and even the ' character) safely. They're unnecessary with this check (because the allowed characters can't be used for attack), but still recommended as double check.