sofia403 Posted June 2, 2011 Share Posted June 2, 2011 I have a grid on my website that displays values from mysql that users post, and i don't want users to register with some special characters like $, <, ?, ! and especially ' . if someone registers with ' in their name my whole grid crashes! no values are displayed, nothing. Below i have a code which supposedly should check for that, but still special characters are posted. what am i doing wrong? elseif (!preg_match('/^[a-zA-Z0-9-]*$/',($_POST['name']))) { header( "Location:Messages.php?msg=16" ); } Quote Link to comment Share on other sites More sharing options...
WebStyles Posted June 2, 2011 Share Posted June 2, 2011 You can use something like addslashes() before storing in database and stripslashes() when retrieving, allowing them to use more characters. Setting too many restrictions often makes many people give up. if you still want to restrict everything, just to be on the safe side, you can do two things: 1. automatically convert invalid characters to something else: strtr($string, $from, $to); (http://php.net/manual/en/function.strtr.php) or $new = preg_replace(“/[^a-zA-Z0-9\s]/”, “”, $string); 2. just check if they exist and send out an error warning. ctype_alnum($string); (http://php.net/manual/en/function.ctype-alnum.php) hope this helped Quote Link to comment Share on other sites More sharing options...
sofia403 Posted June 3, 2011 Author Share Posted June 3, 2011 Sure did, thanks for your help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.