Did you look at the warnings?

PHP Warning: preg_match(): Compilation failed: range out of order in character class at offset 10

Hi eeek, thanks for the reply. I did not receive a warning. The script just returned the invalidName error which I defined. I've tried many different combinations but no matter what I do, preg_match just doesn't seem to recognize the apostrophe.

From the warning you displayed, it seems that the problem is in the ordering of the characters but as I've said above, I've tried many different combinations and did not find a working solution. Any ideas?

From the warning you displayed, it seems that the problem is in the ordering of the characters

it's the character right after the ' that is causing you problems. Do you see why?

No, I don't see why. I've been browsing the forums all day yesterday and today and read just about every relevant post I could find. Some posts suggest putting the hyphen at the end just before the ] and I tried that, still nothing. Others suggested to escape the apostrophe by adding \ and still it would not work. I tried using ereg instead and I saw some people using eregi so I tried that too and nothing is working. Finally, I decided to just ask :)

Why is it causing the problems?

You are specifying a range of ' to space. That is "out of order" just like the warning says.

How can I include the apostrophe and hyphen without causing problems?

You need to escape the hyphen.

I tried that already, it doesn't work. I've tried the following:

!preg_match("/^[a-zA-Z'\- ]+$/",$fullName)
!preg_match("/^[a-zA-Z\'\-\ ]+$/",$fullName)
!preg_match("/^[a-zA-Z'\ \-]+$/",$fullName)
!preg_match("/^[a-zA-Z\'\ \-]+$/",$fullName)

An example would really be helpful.

The first one works for me. (Though you need \\ for the escape.) What are you using as a test?

Hi max4, as eeek mentioned the first one should work. Is it possible that you're escaping the single-quotes inside $fullname before calling preg_match? Maybe you have magic-quotes on or you call addslashes / mysql_real_escape_string beforehand? That would add a backslash to the value in $fullname and break your validation.

Try printing out the value of $fullname just before calling preg_match. Also add this at the top of your script:

error_reporting(E_ALL);

This will print out a warning if your regex is not properly constructed. Hope this helps.

I'm working on my development server, the test is my form itself. I change the values and then submit the form and see what happens. I just noticed something; addslashes on the $_POST string
$fullName = stripslashes($_POST['fullName']);
returns the error I defined (Invalid name) but stripslashes allows it to go through, but then I receive the following:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Reilly Al-M','Sam','69d5ae81a7af338d3a3ad366264b327f','What did you name your f' at line 3

I don't see any way around this!

You need to escape the strings you are passing to mysql.
Use mysql_escape_string for that.

idfer,

I am not calling addslashes or mysql_real_escape_string beforehand. My variables basically look like this:

$fullName = $_POST['fullName'];

except for passwords which use md5 and emails which use addslashes.

I am not calling addslashes or mysql_real_escape_string beforehand.

Is magic quotes turned on?

Neither mysql_escape_string, mysql_real_escape_string, or stripslashes are working with my form.

Basically I have reCAPTCHA stuff on top followed by database connection code, then I define the variables

$email = addslashes($_POST['email']);
$fullName = $_POST['fullName'];
$username = $_POST['username'];
etc. etc.

then I have the :

if (!preg_match("/^[a-zA-Z'\- ]+$/",$fullName) ¦¦ strlen($fullName) < 3 ¦¦ strlen($fullName) > 32) {
$invalidName = 1;
header("Location: login.php?invalidName=1");
}

there is nothing else in here that should be interfering with the script but no matter what I try I can not get the database to accept a name such as John O'Connor. Everything else works great, I can get Billy Bob, or Mahmoud Al-Maliki, but that apostrophe just wont submit!

eeek,

magic quotes is turned off

Ok, print out the SQL that is giving the error.

I don't quite understand what you are asking me to do, eeek. How do I print the SQL? Thank you for bearing with me

I set the script to print "fullName"; but nothing showed up. I have full error reporting on and received no errors other than the error I defined for an invalid name. Adding stripslashes to $_POST['fullName'] yields an SQL syntax error which I posted above.

I set the script to print "fullName"; but nothing showed up.

No, print out the SQL query that is failing.

Okay, I set the script to print the failed SQL query:

if (!mysql_query($sql,$con))
{
print "sql";
}

I also tried

if (!mysql_query($sql,$con))
{
print "mysql_query($sql,$con)";
}

And nothing showed up.

Just print it without the if.

Oh, wait. It's print $sql;.

INSERT INTO user (accountUse, email, fullName, username, userpass, securityQuestion, securityAnswer, updates) VALUES ('g','max@max.com','John O'reilly','max','69d5ae81a7af338d3a3ad366264b327f','What did you name your first pet?','69d5ae81a7af338d3a3ad366264b327f','y')

Here's the syntax error:

'John O'reilly'

The ' in O'reilly isn't escaped.

How do I escape this? I've already tried the following:

$fullName = addslashes($_POST['fullName']);

And the mysql_escape suggestions.

I've also tried:
!preg_match("/^[a-zA-Z\'\- ]+$/",$fullName)

How is $sql being created?

INSERT INTO user (accountUse, email, fullName, username, userpass, securityQuestion, securityAnswer, updates)
VALUES
('$_POST[accountUse]','$email','$fullName','$username','$userpass','$_POST[securityQuestion]','$securityAnswer','$_POST[updates]')";

I know it's not the most secure way of going about it, but I'm just trying to get it working now and will worry about security after.

Solved! Thank you so much!

I changed '$fullName' to '" . addslashes($fullName) . "'

Thank's eeek for guiding me in the right direction. I'd still be tinkering with preg_match if you didn't suggest looking at the query!