special characters in registration form

[sofia403]

I have a grid on my website that displays values from mysql that users post, and i don't want users to register with some special characters like $, <, ?, ! and especially ' . if someone registers with ' in their name my whole grid crashes! no values are displayed, nothing. Below i have a code which supposedly should check for that, but still special characters are posted. what am i doing wrong?

 

elseif (!preg_match('/^[a-zA-Z0-9-]*$/',($_POST['name']))) {
header( "Location:Messages.php?msg=16" ); 
}

[WebStyles]

You can use something like addslashes() before storing in database and stripslashes() when retrieving, allowing them to use more characters. Setting too many restrictions often makes many people give up.

 

if you still want to restrict everything, just to be on the safe side, you can do two things:

 

1. automatically convert invalid characters to something else:

  strtr($string, $from, $to); (http://php.net/manual/en/function.strtr.php)

  or

  $new = preg_replace(“/[^a-zA-Z0-9\s]/”, “”, $string);

 

2. just check if they exist and send out an error warning.

ctype_alnum($string); (http://php.net/manual/en/function.ctype-alnum.php)

 

hope this helped

 

 

[sofia403]

Sure did, thanks for your help!