Orionsbelter, posted July 18, 2008:
Hi, I know the mysql_escape_string() and the addslashes(), but what I need to know is: are there any other ways? Also, can I use these for a username string? For example, if someone logs in to my website and it uses addslashes, won't it just totally change the username? E.g. username's login would change to username'/s login, and then my website would think it's an invalid username, wouldn't it? And is there a function to remove these slashes?

awpti, posted July 18, 2008:
Use a regular expression. Best to force usernames to be A-Z a-z 0-9. Match that and you'll be fine for usernames.

Orionsbelter (Author), posted July 18, 2008:
Thanks, but not very helpful.

nadeemshafi9, posted July 18, 2008:
Use ereg to find characters from an array that you implement.

Jmz, posted July 18, 2008:
Well, if you used addslashes on the register page, the username would be "username'/s login". If you also use addslashes on the login page, then it would still be "username'/s login", so it would work. You could then use stripslashes() to remove the ' if you wanted to print it to the screen. But like awpti said, you should keep it alphanumeric if you can.

JasonLewis, posted July 18, 2008:
Regular Expressions:

    // Accept only usernames made entirely of letters and digits.
    // The D modifier stops $ from also matching before a trailing newline.
    if (preg_match("/^[a-zA-Z0-9]+$/D", $username)) {
        die("Good username");
    } else {
        die("Bad username");
    }

waynew, posted July 18, 2008:
DO NOT use addslashes. Always use mysql_real_escape_string() instead while a MySQL connection is in existence. addslashes is open to being fooled. As the guys above said, try to force usernames into being only A-Z 0-9. On list menu forms, give your options corresponding numbers and then check if they are numeric with is_numeric(), which returns a 1 if it is. Try to use only numerical values for GET values and check to see if they are numerical (also use strip_tags).

waynew, posted July 18, 2008:
Also check out prepared statements with sprintf(). Also, see http://www.homeandlearn.co.uk/php/php13p5.html

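Added example, not part of any post in this thread: the two approaches discussed above (an alphanumeric whitelist and prepared statements) side by side, showing that a bound parameter stores a username containing an apostrophe unchanged, so nothing has to be stripped afterwards. It assumes PDO with an in-memory SQLite database so that it runs offline; the `users` table, the function names and the sample usernames are constructed for illustration.

```php
<?php
// Added example: table name, function names and sample usernames are constructed.
// PDO with in-memory SQLite is an assumption made so the script runs offline;
// with MySQL only the DSN passed to new PDO() changes.

function is_valid_username(string $name): bool
{
    // \A and \z anchor at the true start and end of the input;
    // a plain $ would also accept a name followed by a newline.
    return preg_match('/\A[a-zA-Z0-9]+\z/', $name) === 1;
}

function add_user(PDO $db, string $name): void
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function find_user(PDO $db, string $name): ?string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY)');

// Constructed inputs: a plain name, one with a quote, one with a trailing newline.
$samples = ["orion42", "username's login", "orion42\n"];
foreach ($samples as $name) {
    printf("%-22s whitelist: %s\n", json_encode($name),
        is_valid_username($name) ? 'accept' : 'reject');
}

// A name the whitelist rejects is still stored and read back byte for byte,
// with no slashes added, because the data itself is never escaped or edited.
add_user($db, "username's login");
var_dump(find_user($db, "username's login") === "username's login");

// A name that was never inserted yields null rather than an SQL error.
var_dump(find_user($db, "orion42"));
```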