PoNiT Posted August 23, 2008 Posted August 23, 2008 Can anyone please give me a php code that stops users from adding any special characters in their username. I need to add this in register.php and in preferences.php. As when people have a ' in their name, it acts as an sql injection and causes SERIOUS BUGS! I dont know what code to do so only letters and numbers caan be used in usernames. Please can someone help fast? Quote
PoNiT Posted August 23, 2008 Author Posted August 23, 2008 Re: Mccode username It does not work :( Quote
PoNiT Posted August 23, 2008 Author Posted August 23, 2008 Re: Mccode username After some playing around with that code, i got to this: You cant have your name with special characters in but if you have special characters AND numbers/letters, it still works. Any way i can stop that Quote
Magictallguy Posted August 23, 2008 Posted August 23, 2008 Re: Mccode username $_POST['username'] = htmlentities(mysql_real_escape_string($_POST['username'])); Use that Quote
PoNiT Posted August 23, 2008 Author Posted August 23, 2008 Re: Mccode username where do i add that on preferences.php and register.php? Quote
PoNiT Posted August 23, 2008 Author Posted August 23, 2008 Re: Mccode username Thankyou Magictallguy the code he posted didnt work for me (as i wanted) so i added him on msn and he geot me what i wanted :) Quote
Decepti0n Posted August 23, 2008 Posted August 23, 2008 Re: Mccode username ctype_alnum The one Magictallguy posted is pointless, why would you want users to have a username of *@!&$%^* anyway? Lostone's didn't work because it didn't match the entire string I think. Dork Quote
Floydian Posted August 23, 2008 Posted August 23, 2008 Re: Mccode username Here is how the Horizons Game Engine does user name validation, and it works 100% guaranteed, with no possibility of anything except letters, numbers, spaces and underscores. if (!isset($_REQUEST['ulogin'])) { $reg_error = "[*]Please submit a login name."; $form_highlight[1] = true; } else { $ulogin = $_REQUEST['ulogin']; if (strlen(trim($ulogin)) < 7) { $reg_error = "[*]The login name must be at least 7 characters long."; $form_highlight[1] = true; } elseif (strlen(trim($ulogin)) > 20) { $reg_error = "[*]The login name must be 20 characters or less."; $form_highlight[1] = true; } elseif (!ctype_alnum(ereg_replace('[ _]', '', $ulogin))) { $reg_error = "[*]The login name may only contain letters, numbers, spaces, or underscores."; $form_highlight[1] = true; } } This portion here: if (!ctype_alnum(ereg_replace('[ _]', '', $ulogin))) is the portion that does what you want. ;) it will detect an invalid name Quote
Guest Anonymous Posted August 24, 2008 Posted August 24, 2008 Re: Mccode username $new_name = isset($_POST['new_name']) && is_string($_POST['new_name']) && preg_match("`^[a-z0-9_]{4,15}$`ims", trim($_POST['new_name'])) ? trim($_POST['new_name']) : null; if (is_null($new_name)) echo "invalid name"; else // check for duplicates ... Just change the {4,15} to suit - minimum length, maximum length. Quote
PoNiT Posted August 24, 2008 Author Posted August 24, 2008 Re: Mccode username thanks nyna. But where it says else, do i have to put } else { ???? Quote
Guest Anonymous Posted August 24, 2008 Posted August 24, 2008 Re: Mccode username That's dependent on your context. if (condition) true_statement else false_statement if (condtion) { true_statement } else { false_statement } The first form works only for single line statements, however the second form is needed when you are using multiple line statements. Personally, I feel the second form used throughout, results in cleaner, more legible code, however I do mix the two in my own sources from time to time. However... be that as it may -- asking this type of questions shows a lack of understanding of the language itself. Perhaps you would be better employed reading the PHP manual itself, and looking at much smaller games rather than diving into a DBS/MCcode's based game which is fraught with problems. Quote
PoNiT Posted August 24, 2008 Author Posted August 24, 2008 Re: Mccode username I am better than i sound!! I fix loads of bugs, i was just asking to make sure. Quote
Isomerizer Posted August 24, 2008 Posted August 24, 2008 Re: Mccode username I am better than i sound!! I fix loads of bugs, i was just asking to make sure. Dude... If you need confirmation on how to use if / else statements, then your PHP knowledge clearly lacks.. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.