Sign up script problem

Napster

I have this sign up script which perfectly except that it lets people use html for usernames and I dont want that, I put in Strip tages and !eregs what is wrong with it. Here is the script

I have this sign up script which perfectly except that it lets people use html for usernames and I dont want that, I put in Strip tages and !eregs what is wrong with it.  Here is the script 

php: 

<?php 

include("colours.inc.php"); 
include("jocey.inc.php"); 

$connection = mysql_connect($host,$user,$password) 
  or die ("Couldn't connect to the database"); 
mysql_select_db($database, $connection) 
  or die ("Couldn't select database"); 

$result2 = mysql_query("select count(*) as num_users FROM members WHERE username='$username'");  

$row = mysql_fetch_array($result2,MYSQL_ASSOC);  

if ($username == "") 
{ 
echo "Username is blank"; 
} 
elseif (!ereg("[A-Za-z_ -]{3,20}",$username))  

{ 
echo "Username is not in a valid format"; 
} 
elseif ($password1 == "") 
{ 
echo "The first password field is blank"; 
} 
elseif ($password2 == "") 
{ 
echo "The second password field is blank"; 
} 
elseif (!ereg("[A-Za-z_ -]{3,20}",$password1))  

{ 
echo "The first password is not in a valid format"; 
} 
elseif (!ereg("[A-Za-z_ -]{3,20}",$password2))  

{ 
echo "The second password is not in a valid format"; 
} 
elseif ($password1 != $password2) 
{ 
echo "The passwords are not the same"; 
} 
elseif ($email == "") 
{ 
echo "Email is blank"; 
} 
elseif (!ereg("[A-Za-z_@.-]{3,20}",$email))  

{   //50 
echo "Email is not in a valid format"; 
} 
elseif ($sex == "") 
{ 
echo "Are you Male or Female?"; 
} 
elseif ($race == "") 
{ 
echo "What is your race?"; 
}//60 
elseif ($profession == "") 
{ 
echo "What is your class?"; 
} 
elseif ($row[num_users] > 0) 
{ 
echo "That username is already used"; 
} 
elseif ($username == blah) 
{ 
echo "You can not use that username"; 
} 
else 
{ 
$first = strip_tags(trim($username)); 
$last = strip_tags(trim($password2)); 
$email = strip_tags(trim($email)); 

$query = "INSERT INTO members (username,password,email,race,sex,exp,level,money,profession) VALUES ('$username','$password2','$email','$race','$sex','0','1','90','$profession')"; 
$result = mysql_query($query) or die (mysql_error()); 

mail("$email", "Welcome to Elarune", "Hi and welcome to Elarune, you personal information is as follows  

Username: $username  

Password: $password2   

           The Elarune Staff"); 

echo "You have been successfully signed up<br><a href='index.php'>Go Home</a>"; 
} 

?>

Napster

Doe anybody know

John_Canyon

Here is a function that will do the trick for you.

function filter($document)
{
	$search = array ("'<script[^>]*?>.*?</script>'si",  // Strip out javascript
	                 "'<[\/\!]*?[^<>]*?>'si",           // Strip out html tags
	                 "'([\r\n])[\s]+'",                 // Strip out white space
	                 "'&(quot|#34);'i",                 // Replace html entities
	                 "'&(amp|#38);'i",
	                 "'&(lt|#60);'i",
	                 "'&(gt|#62);'i",
	                 "'&(nbsp|#160);'i",
	                 "'&(iexcl|#161);'i",
	                 "'&(cent|#162);'i",
	                 "'&(pound|#163);'i",
	                 "'&(copy|#169);'i",
	                 "'&#(\d+);'e",
					 "'\"'i",
					 "'•'i",
					 "'\\\\\''i"		);                    // evaluate as php

$text = preg_replace ($search, '', $document);	
return $text;
}

Cheers.

John

Napster

WHAT??