Minimeallolla
Posted November 12, 2010

How would this code work?

```php
if ($_POST['username'] == "[, ., ,, _, -" ){
    die('Invalid characters.');
}
```

I want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety

litebearer
Posted November 12, 2010

```php
<?php
// preg_replace() strips everything except letters, digits and whitespace;
// if the result differs from the input, the name contained a disallowed character.
if ($_POST['username'] != preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST['username'])) {
    // bad name
} else {
    // good name
}
?>
```

litebearer
Posted November 12, 2010

BTW that leaves spaces - to also remove spaces - remove the \s

Minimeallolla (Author)
Posted November 12, 2010

I created an account called ltest, . - =_ .; ' and it worked so I'm guessing that code doesn't work properly? lol =[

Um, here is where I used it.

```php
if (isset($_POST['submit'])) {

    //This makes sure they did not leave any fields blank
    if (!$_POST['username'] | !$_POST['email'] | !$_POST['pass'] | !$_POST['pass2'] ) {
        die('You did not complete all of the required fields, <a href="/register.php">Please try again.</a>');
    }

    if($_POST['username'] != preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST['username'])) {
        die('Invalid characters');
    }else{

        // checks if the username is in use
        if(get_magic_quotes_gpc()) {
            $username= mysql_real_escape_string(stripslashes(trim($_POST['username'])));
            $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass'])));
        }
        $usercheck = $_POST['username'];
        $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
            or die(mysql_error());
        $check2 = mysql_num_rows($check);

        //if the name exists it gives an error
        if ($check2 != 0) {
            die('Sorry, the username '.$_POST['username'].' is already in use. <a href="/register.php">Please try again.');
        }

        // this makes sure both passwords entered match
        if ($_POST['pass'] != $_POST['pass2']) {
            die('Your passwords did not match. <a href="/register.php">Please try again. ');
        }

        // here we encrypt the password and add slashes if needed
        $_POST['pass'] = md5($_POST['pass']);
        if(get_magic_quotes_gpc()) {
            $username= mysql_real_escape_string(stripslashes(trim($_POST['username'])));
            $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass'])));
        }

        // here we check if the email field is entered correctly
        if (ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$", $email)) {
            echo 'Email ok';
        } else {
            die ('Email was not valid, <a href="/register.php">please try again</a>');
        }

        // Here we set the value for the IP Address
        $_POST['ip'] = $_SERVER['REMOTE_ADDR'];

        // now we insert it into the database
        if(get_magic_quotes_gpc()) {
            $username= mysql_real_escape_string(stripslashes(trim($_POST['username'])));
            $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass'])));
        }
        $insert = "INSERT INTO users (username, password, email, ip)
            VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."', '".$_POST['ip']."')";
        $add_member = mysql_query($insert);
    }
```

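An added example, not code from the thread or its posters: the same registration checks with an anchored allow-list pattern, bound query parameters in place of `$_POST` values concatenated into the SQL string, and `password_hash()` in place of `md5()`. It assumes PHP 7+ with the `pdo_sqlite` extension; the function names, the 3-20 character limit, the in-memory table and the sample names are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with pdo_sqlite;
// the in-memory table and the sample inputs are constructed for the demo.

// Allow-list check: the whole string must be 3-20 ASCII letters or digits
// (the length limits are an assumption). \A and \z anchor to the true start
// and end of the string; with ^ and $ a name ending in "\n" would still match.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[a-zA-Z0-9]{3,20}\z/', $name) === 1;
}

// Returns true on success, or a string naming the reason for rejection.
function register_user(PDO $db, string $username, string $email, string $pass)
{
    if (!is_valid_username($username)) {
        return 'Invalid characters';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Email was not valid';
    }
    // Bound parameters keep the input out of the SQL text, whatever it contains.
    $check = $db->prepare('SELECT 1 FROM users WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return 'Username already in use';
    }
    $insert = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    // password_hash() produces a salted, slow hash; md5() is unsalted and fast.
    $insert->execute([$username, password_hash($pass, PASSWORD_DEFAULT), $email]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT)');

// Constructed sample input; the second name is the one tested in the thread.
$samples = ['ltest', "ltest, . - =_ .; '", "admin'--", "bob\n", 'ltest'];
foreach ($samples as $name) {
    $result = register_user($db, $name, 'user@example.com', 'correct horse');
    echo json_encode($name), ' => ', $result === true ? 'registered' : $result, "\n";
}
```

The value that passes validation is the same variable that reaches the query, so there is no gap between what was checked and what was stored.
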
Archived
This topic is now archived and is closed to further replies.