Posted by Curtis on 01/28/07 23:29

On Jan 27, 5:56 am, Rik <luiheidsgoe...@hotmail.com> wrote:
> Geoff Berrow <blthe...@ckdog.co.uk> wrote:
> > Message-ID: <op.tmtehzlvqnv...@misant.kabel.utwente.nl> from Rik
> > contained the following:
>
> >> The way I usually handle it:
> >> - I'll have a very retrictive character set for the username (usually
> >> something like [a-zA-Z0-9_\s]+).
>
> > That's the thing I was looking for. And how would I use that with
> > preg_match? Just can't get my head round regex syntax, sorry.
>
> Hmmz, correction, I seem to use [a-zA-Z0-9_-]
>

This is also fairly restrictive, but allows spaces (as opposed to
allowing tabs or newlines): [\w -]
Note: \w is the same as [a-zA-Z0-9_]

> //checking on valid username, for instance when signing up.
> $valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));
>
> //making the username valid when checking for inlog
> $username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));
>
> Keep in mind you can get some lip from people wanting to use andré, garçon
> etc... If they've got weird characters in their name they usually want it
> in their username as well. It would be possible offcourse, but would
> require a lot more checking and watching out for broken multibyte
> strings. I'm lazy, so I just say that would be a security risk :-).
> --
> Rik Wasmus

Lol, that's pretty funny.

--
Curtis

[Back to original message]