kwame123

So something like this https://www.w3schools.com/php/func_mysqli_stmt_init.asp http://php.net/manual/en/mysqli-stmt.prepare.php

i commented out the line because the line didnt work. and okay i will look into it

<?php include($_SERVER['DOCUMENT_ROOT']."/ext/inc/header.php"); $q = $_REQUEST["q"]; $username = mysqli_real_escape_string($conn, $q); //echo $username."test<Br>"; echo $q; mysqli_close($conn); ?> $q is the string that is being typed in an input box on another page. $username wont echo but $q will. how to escape $q so i can use it in database quires?

founds the answer you can have header("Location: ../"); exit;

can i have header("Location: ../"); exit; on same line? or header("Location: ../"); exit; ? if i cant have it on the same line is there a program which searches for header("Location: ../"); in files and then changes "header("Location: ../");" to "header("Location: ../"); exit" ?

oh my goodness thank you so much. not its fixed!

this is my code $re = '/[^\W][a-zA-Z\d.-]{3,20}/'; if(!preg_match_all($re, $username)){ do something }else{ do somthing else } $username is a $_POST['username']; when i submit a 3 letter word it works but when i use symbols like $ and ! and etc it still goes through, im trying to get a regex where the username is 4-20 characters long and only the alphabet and numbers and dots and dash but dots and dashs cant be next to each other thx