|
|
Posted by Rik on 01/27/07 13:56
Geoff Berrow <blthecat@ckdog.co.uk> wrote:
> Message-ID: <op.tmtehzlvqnv3q9@misant.kabel.utwente.nl> from Rik
> contained the following:
>
>> The way I usually handle it:
>> - I'll have a very retrictive character set for the username (usually
>> something like [a-zA-Z0-9_\s]+).
>
> That's the thing I was looking for. And how would I use that with
> preg_match? Just can't get my head round regex syntax, sorry.
Hmmz, correction, I seem to use [a-zA-Z0-9_-]
//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));
//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));
Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus
Navigation:
[Reply to this message]
|