Minimeallolla Posted November 12, 2010 Share Posted November 12, 2010 how would this code work? if ($_POST['username'] == "[, ., ,, _, -" ){ die('Invalid characters.'); i want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety Quote Link to comment Share on other sites More sharing options...
litebearer Posted November 12, 2010 Share Posted November 12, 2010 <?php if($_POST['username'] != preg_replace(“/[^a-zA-Z0-9\s]/”, “”, $_POST['username')) { // bad name }else{ // good name } ?> Quote Link to comment Share on other sites More sharing options...
litebearer Posted November 12, 2010 Share Posted November 12, 2010 BTW that leaves spaces - to also remove spaces - remome the \s Quote Link to comment Share on other sites More sharing options...
Minimeallolla Posted November 12, 2010 Author Share Posted November 12, 2010 i created an account called ltest, . - =_ .; ' and it worked so im guessing that code doesnt work properly? lol =[ um here is where i used it. if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['email'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields, <a href="/register.php">Please try again.</a>'); } if($_POST['username'] != preg_replace(“/[^a-zA-Z0-9\s]/”, “”, $_POST['username')) { die('Invalid characters'); }else{ // checks if the username is in use if(get_magic_quotes_gpc()) { $username= mysql_real_escape_string(stripslashes(trim($_POST['username']))); $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass']))); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use. <a href="/register.php">Please try again.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. <a href="/register.php">Please try again. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if(get_magic_quotes_gpc()) { $username= mysql_real_escape_string(stripslashes(trim($_POST['username']))); $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass']))); } // here we check if the email field is entered correctly if (ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$", $email)) { echo 'Email ok'; } else { die ('Email was not valid, <a href="/register.php">please try again</a>'); } // Here we set the value for the IP Address $_POST['ip'] = $_SERVER['REMOTE_ADDR']; // now we insert it into the database if(get_magic_quotes_gpc()) { $username= mysql_real_escape_string(stripslashes(trim($_POST['username']))); $pass= mysql_real_escape_string(stripslashes(trim($_POST['pass']))); } $insert = "INSERT INTO users (username, password, email, ip) VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."', '".$_POST['ip']."')"; $add_member = mysql_query($insert); } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.