[SOLVED] Filter Bad Charactors

[Crew-Portal]

Hi I have a fully functional PHP / MySQL Script with Inserts Like $_POST['username'] and $_POST['password'] Now the scripts are set up so if NULL < or > Max Charactors It Displays Errors And So Forth... The only bad thing is they can user HTML in thier username to make thier name bold. How do i prevent certain charactors to be used in registration? Please help a N00B. Thanx in advance i am goin to bed so I will not thank you till tommorrow! So dont rush yourselves. Cya, in the morning!

[btherl]

One approach is to specify what is allowed, rather than what is not allowed:

 

$username = preg_replace('|[^[:alnum:]]|', '', $username);

 

This will remove anything that is not "alnum", which includes a-z, A-Z and 0-9 only.

 

Another option is to escape your usernames before output.  In this case, any attempts to use html will result in the html displaying as source, and not being interpreted:

 

print htmlspecialchars($username);

 

From the manual for this function: "This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application."

[tibberous]

Use strip_tags.

 

$username = strip_tags($_POST['username']);

[Crew-Portal]

K I am awake now and thank you for the posts!

 

TOPIC SOLVED!!!