VERY IMPORTANT question about validation using php

i am using php in order to validate a form where users register. please help me to solve the following validations.

1. name can have spaces. ex= john smith
presently the validation i am using is if( $fname == "" || !eregi("^[a-zA-Z_]+$", $fname) )
i need the syntax which would accept a-zA-Z WITH A SPACE IN BETWEEN NAMES ex= john smith

2. text can have spaces and special characters ex= ref 100/abcd
presently the validation i am using is if( $depositnumber == "" || !eregi("^[a-zA-Z0-9_]+$", $depositnumber) )
i need the syntax which would accept a-zA-Z0-9 WITH A SPACE IN BETWEEN AND SPECIAL CHARACTERS ex= ref 100/abcd

3. spaces in numbers. ex= 123 4567
presently the validation i am using is if( $phonenumber == "" || !eregi("^[0-9]+$", $phonenumber) )
i need the syntax which would accept 0-9 WITH A SPACE IN BETWEEN
ex= 123 4567

4. in case of [a-zA-Z0-9_] if i remove the "_" after 9 will it have a negative impact or is this a syntax due to which i
should i leave the "_" as part of [a-zA-Z0-9_]

5. using stripslashes() function
due to the above validation there is no way a user can enter special characters which could lead to sql injection. inspite of
this should i still use stripslashes to be on the safe side.

please provide the exact syntax for the above validations to works as specified for different scenarios.

thanks.

http://www.sitepoint.com/article/reg...ressions-php/2
The syntax reference given on this page should help you.
and we could have better thread titles next time plz!

I'm not a regex expert by any means and I use PCRE, so caveat emptor.

In PCRE you can use the x modifier to ignore spacing in the entire expression. ("/^[a-zA-Z_]+$/x")

Your description "name can have spaces" is inadequate; you'd be a lot closer to a solution with a more precise description. If you just want to allow spaces anywhere in the string, use the "x" modifier (if POSIX allows it) or just put a space in the brackets: ("/^[a-zA-Z_ ]+$/x")

I'm having trouble understanding what you want here - maybe somebody else will understand it. What "special characters"? If you're allowing all special characters, why do you need regex? If there are specific characters you want to allow, just put them inside the brackets.

Actually, I would advise you not to do this at all, but to use three fields for a US-style telephone number.

However, a simple PCRE regex for a ten-digit US telephone number using spaces as the seperator would be
"/^[2-9][0-9]{2} [2-9][0-9]{2} [0-9]{4}$/".
To match a space, just put a space in the expression; it's a character just like any other.

If you remove the "_", then the test will fail if there is a "_" in the string tested. The only reason you see it so often is because it is a "word" character, for example, it is allowed in "word only" file names. In short, for your "name" test, you should remove the "_".

No, afaik good regex supersedes stripslashes. There may be a concern, however, if you are uploading to a db, that quotation marks are handled correctly.

This is my best effort but again, I'm no expert.

I would advise you to learn a bit more regex before you try to use it. (Of course, someone could fairly say that I should learn a bit more regex before I try to give advice about it.)