PoNiT Posted August 23, 2008 Share Posted August 23, 2008 Can anyone please give me a php code that stops users from adding any special characters in their username. I need to add this in register.php and in preferences.php. As when people have a ' in their name, it acts as an sql injection and causes SERIOUS BUGS! I dont know what code to do so only letters and numbers caan be used in usernames. Please can someone help fast? Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 23, 2008 Author Share Posted August 23, 2008 Re: Mccode username thanks ill try. Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 23, 2008 Author Share Posted August 23, 2008 Re: Mccode username It does not work :( Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 23, 2008 Author Share Posted August 23, 2008 Re: Mccode username After some playing around with that code, i got to this: You cant have your name with special characters in but if you have special characters AND numbers/letters, it still works. Any way i can stop that Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted August 23, 2008 Share Posted August 23, 2008 Re: Mccode username $_POST['username'] = htmlentities(mysql_real_escape_string($_POST['username'])); Use that Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 23, 2008 Author Share Posted August 23, 2008 Re: Mccode username where do i add that on preferences.php and register.php? Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 23, 2008 Author Share Posted August 23, 2008 Re: Mccode username Thankyou Magictallguy the code he posted didnt work for me (as i wanted) so i added him on msn and he geot me what i wanted :) Quote Link to comment Share on other sites More sharing options...
Decepti0n Posted August 23, 2008 Share Posted August 23, 2008 Re: Mccode username ctype_alnum The one Magictallguy posted is pointless, why would you want users to have a username of *@!&$%^* anyway? Lostone's didn't work because it didn't match the entire string I think. Dork Quote Link to comment Share on other sites More sharing options...
Floydian Posted August 23, 2008 Share Posted August 23, 2008 Re: Mccode username Here is how the Horizons Game Engine does user name validation, and it works 100% guaranteed, with no possibility of anything except letters, numbers, spaces and underscores. if (!isset($_REQUEST['ulogin'])) { $reg_error = "[*]Please submit a login name."; $form_highlight[1] = true; } else { $ulogin = $_REQUEST['ulogin']; if (strlen(trim($ulogin)) < 7) { $reg_error = "[*]The login name must be at least 7 characters long."; $form_highlight[1] = true; } elseif (strlen(trim($ulogin)) > 20) { $reg_error = "[*]The login name must be 20 characters or less."; $form_highlight[1] = true; } elseif (!ctype_alnum(ereg_replace('[ _]', '', $ulogin))) { $reg_error = "[*]The login name may only contain letters, numbers, spaces, or underscores."; $form_highlight[1] = true; } } This portion here: if (!ctype_alnum(ereg_replace('[ _]', '', $ulogin))) is the portion that does what you want. ;) it will detect an invalid name Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted August 24, 2008 Share Posted August 24, 2008 Re: Mccode username $new_name = isset($_POST['new_name']) && is_string($_POST['new_name']) && preg_match("`^[a-z0-9_]{4,15}$`ims", trim($_POST['new_name'])) ? trim($_POST['new_name']) : null; if (is_null($new_name)) echo "invalid name"; else // check for duplicates ... Just change the {4,15} to suit - minimum length, maximum length. Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 24, 2008 Author Share Posted August 24, 2008 Re: Mccode username thanks nyna. But where it says else, do i have to put } else { ???? Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted August 24, 2008 Share Posted August 24, 2008 Re: Mccode username That's dependent on your context. if (condition) true_statement else false_statement if (condtion) { true_statement } else { false_statement } The first form works only for single line statements, however the second form is needed when you are using multiple line statements. Personally, I feel the second form used throughout, results in cleaner, more legible code, however I do mix the two in my own sources from time to time. However... be that as it may -- asking this type of questions shows a lack of understanding of the language itself. Perhaps you would be better employed reading the PHP manual itself, and looking at much smaller games rather than diving into a DBS/MCcode's based game which is fraught with problems. Quote Link to comment Share on other sites More sharing options...
PoNiT Posted August 24, 2008 Author Share Posted August 24, 2008 Re: Mccode username I am better than i sound!! I fix loads of bugs, i was just asking to make sure. Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted August 24, 2008 Share Posted August 24, 2008 Re: Mccode username I am better than i sound!! I fix loads of bugs, i was just asking to make sure. Dude... If you need confirmation on how to use if / else statements, then your PHP knowledge clearly lacks.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.