Mccode username

[PoNiT]

Can anyone please give me a php code that stops users from adding any special characters in their username.

I need to add this in register.php and in preferences.php.

As when people have a ' in their name, it acts as an sql injection and causes SERIOUS BUGS!

I dont know what code to do so only letters and numbers caan be used in usernames.

Please can someone help fast?

[PoNiT]

Re: Mccode username

thanks ill try.

[PoNiT]

Re: Mccode username

It does not work :(

[PoNiT]

Re: Mccode username

After some playing around with that code, i got to this:

 

You cant have your name with special characters in

but if you have special characters AND numbers/letters, it still works.

Any way i can stop that

[Magictallguy]

Re: Mccode username

 

$_POST['username'] = htmlentities(mysql_real_escape_string($_POST['username']));

Use that

[PoNiT]

Re: Mccode username

where do i add that on preferences.php and register.php?

[PoNiT]

Re: Mccode username

Thankyou Magictallguy

the code he posted didnt work for me (as i wanted) so i added him on msn and he geot me what i wanted :)

[Decepti0n]

Re: Mccode username

ctype_alnum

The one Magictallguy posted is pointless, why would you want users to have a username of *@!&$%^* anyway?

Lostone's didn't work because it didn't match the entire string I think. Dork

[Floydian]

Re: Mccode username

Here is how the Horizons Game Engine does user name validation, and it works 100% guaranteed, with no possibility of anything except letters, numbers, spaces and underscores.

 

	if (!isset($_REQUEST['ulogin'])) {
	$reg_error = "[*]Please submit a login name.";
	$form_highlight[1] = true;
} else {
	$ulogin = $_REQUEST['ulogin'];
	if (strlen(trim($ulogin)) < 7) {
		$reg_error = "[*]The login name must be at least 7 characters long.";
		$form_highlight[1] = true;
	} elseif (strlen(trim($ulogin)) > 20) {
		$reg_error = "[*]The login name must be 20 characters or less.";
		$form_highlight[1] = true;
	} elseif (!ctype_alnum(ereg_replace('[ _]', '', $ulogin))) {
		$reg_error = "[*]The login name may only contain letters, numbers, spaces, or underscores.";
		$form_highlight[1] = true;
	}
}

 

This portion here:

 

if (!ctype_alnum(ereg_replace('[ _]', '', $ulogin)))

 

is the portion that does what you want. ;)

it will detect an invalid name

[Guest Anonymous]

Re: Mccode username

 

$new_name = isset($_POST['new_name']) && is_string($_POST['new_name']) && preg_match("`^[a-z0-9_]{4,15}$`ims", trim($_POST['new_name'])) ? trim($_POST['new_name']) : null;
if (is_null($new_name))
echo "invalid name";
else
// check for duplicates ...

 

Just change the {4,15} to suit - minimum length, maximum length.

[PoNiT]

Re: Mccode username

thanks nyna. But where it says else, do i have to put

}

else

{

????

[Guest Anonymous]

Re: Mccode username

That's dependent on your context.

 

if (condition)
true_statement
else
false_statement


if (condtion)
{
true_statement
}
else
{
false_statement
}

 

The first form works only for single line statements, however the second form is needed when you are using multiple line statements.

Personally, I feel the second form used throughout, results in cleaner, more legible code, however I do mix the two in my own sources from time to time.

However... be that as it may -- asking this type of questions shows a lack of understanding of the language itself. Perhaps you would be better employed reading the PHP manual itself, and looking at much smaller games rather than diving into a DBS/MCcode's based game which is fraught with problems.

[PoNiT]

Re: Mccode username

I am better than i sound!!

I fix loads of bugs, i was just asking to make sure.

[Isomerizer]

Re: Mccode username

 

I am better than i sound!!

I fix loads of bugs, i was just asking to make sure.

Dude... If you need confirmation on how to use if / else statements, then your PHP knowledge clearly lacks..