Basically, you want to do a regular expression to see what characters are in the username, and make sure none of them are illegal...
I currently have the rules of 5-30 characters, lowercase, numbers 0-9 and underscore (_) only. I achieve this with:

<?php
// Reject anything that is not 5-30 characters of a-z, 0-9 or underscore.
// The D modifier stops $ from also matching just before a trailing newline.
if ((!preg_match("/^[a-z0-9_]*$/D", $username)) OR (strlen($username) < 5) OR (strlen($username) > 30)) {
    echo "username invalid -- must contain only blah blah blah";
}

You could extend preg_match("/^[a-z0-9_]*$/", $username) to match more or less characters to suit your needs, but I'm no expert.

[a-zA-Z0-9_-] would also include a dash (-) and uppercase chars.

Best advice I can give you is rather than worrying about which chars might do damage, think the other way, and only allow characters you trust.

Justin

on 10/01/03 1:46 AM, Vernon ([EMAIL PROTECTED]) wrote:

> I'm having trouble when a user posts a message to a MySQL database where if a
> user creates a user name like 'user&user' as the & symbol is used in URLs.
> Does anyone have any idea how I can inform user that they have entered an
> illegal character and are there illegal characters that I should let
> them use other than '&' and '?'

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
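
The allow-list check discussed in this thread, written out as one function. This is an added example, not code from the original messages. It assumes the same 5-30 character rule, folds the length limits into the pattern and anchors the end with \z; is_valid_username() and profile.php are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: allow-list username validation (hypothetical helper name).
// Accepts only 5-30 characters drawn from a-z, 0-9 and underscore.
function is_valid_username($username): bool
{
    // Arrays or nulls from request data must fail, not raise a warning.
    if (!is_string($username)) {
        return false;
    }
    // {5,30} replaces the separate strlen() checks.
    // \z matches only at the true end of the string, so a value with a
    // trailing newline is rejected (a bare $ would accept it).
    return preg_match('/^[a-z0-9_]{5,30}\z/', $username) === 1;
}

// Constructed sample inputs covering the cases raised in the thread.
$samples = [
    'justin_01',          // allowed characters, valid length
    'user&user',          // the & from the original question
    'user?name',          // the ? from the original question
    'abcd',               // shorter than 5
    'Vernon_01',          // uppercase is outside the allow-list
    "justin_01\n",        // trailing newline
    str_repeat('a', 31),  // longer than 30
    ['justin_01'],        // not a string at all
];

foreach ($samples as $candidate) {
    $verdict = is_valid_username($candidate) ? 'ok' : 'rejected';
    printf("%-36s %s\n", json_encode($candidate), $verdict);
}

// Validation limits what is stored; encoding is still applied at the point
// of use. Any value placed in a query string goes through rawurlencode(),
// so characters such as & and ? cannot split the parameter.
// profile.php is a hypothetical script name.
$name = 'justin_01';
if (is_valid_username($name)) {
    echo 'profile.php?user=' . rawurlencode($name), "\n";
}
```

When the value is written to MySQL, a parameterised query (PDO or mysqli prepared statements) keeps it out of the SQL text regardless of which characters the allow-list permits.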