Registration Security

[Arbitus]

How do I stop people from being able to use forms as their username or password?

 

Also, how could I use drop down boxs or radio buttons in a form and insert the answer into a database?

[limitphp]

What do you mean?

[Brian W]

What? Clarify please...

What forms? What are the forms supposed to do?

[Arbitus]

I don't want people's username to be

 

<input type="text" value="I have a weird username" />

 

when they are registering for a new account.

 

sorry for not being specific

[premiso]

Validate the username with restrictions you want...?

[Arbitus]

ya pretty much

 

[Brian W]

what do you not want them to be able to use?

use preg_match() and those pesky regular expressions to regulate their names and passwords.

[premiso]

What are the restrictions you want?

 

Be descriptive, no more than x characters must be at least x characters I do not want anything but numbers, -, _ and letters but has to have at least x letters no more than x numbers and can only have 1 - or _....

 

 

[Arbitus]

The only restriction I think I want is that it cannot contain html or php

[premiso]

strip_tags

 

That would get rid of any html, as far as php...let's try not to sit on the "cannot", and go with the "can".

 

It is a lot easier to say this can have this, instead of this cannot have this and this and this or this or this and that or this.

 

A lot easier and less coding.

[Arbitus]

haha alright thanks.

 

And what about using radio buttons and dropdown boxes? I want the user to be able to pick an option from a dropdown box and when it is submited have it put in the database.

[chronister]

You would do it the same way as you would for any form element.

 

<input type="radio" name="radioButtons" value="1">
<input type="radio" name="radioButtons" value="2">

<?php

$radioButtons = $_POST['radioButtons'];

$query = "INSERT INTO tableName ('fieldName') values($radioButtons) WHERE this='$that'";
$result = mysql_query($query);
?>