Originally posted by keith73
why use htmlentities? Just use strip_tags and take the tags out all together. Tags have no business being part of a username.

• keith [/B]

strip_tags() is great, but you have to be careful ... apparently it doesn't take out mixed case tags. Ie., <sCriPT> ...

Originally posted by steadyguy
strip_tags() is great, but you have to be careful ... apparently it doesn't take out mixed case tags. Ie., <sCriPT> ...

yep, and if you read the notes at the manual for [man]strip_tags[/man] there are many solutions to get around it, and is supposedly supposed to be fixed in PHP5

Originally posted by steadyguy
strip_tags() is great, but you have to be careful ... apparently it doesn't take out mixed case tags. Ie., <sCriPT> ...

strtolower() usernames have no business being mixed case IMO :p

Originally posted by tekky
strtolower() usernames have no business being mixed case IMO :p

, I'm going to have to get over my English bias that tells me proper nouns are supposed to be capitalised, then!

Originally posted by Weedpacket

then strtoupper() if thats your preference :p

however I wouldnt call a username a noun, its no different than an ID# to me.... (But thats just me...)

my username on PHPBuilder is "BuzzLY." Not buzzly, or BUZZLY, or even BuzzLy. It's not that I'm trying to be a 1337 h4x0r or anything -- it's simply how I prefer to "spell" it. I would be a bit annoyed if I typed BuzzLY as my username on a site and it automatically changed it to buzzly.

If you are going to go through the trouble of scrubbing, the least you can do is leave the "clean" stuff the way it was.

Originally posted by BuzzLY
my username on PHPBuilder is "BuzzLY." Not buzzly, or BUZZLY, or even BuzzLy. It's not that I'm trying to be a 1337 h4x0r or anything -- it's simply how I prefer to "spell" it. I would be a bit annoyed if I typed BuzzLY as my username on a site and it automatically changed it to buzzly.

If you are going to go through the trouble of scrubbing, the least you can do is leave the "clean" stuff the way it was.

hehe, if I designed a username system for public use I might care... my login stuff is generally for me a and a select few friends who also prefer lowercase to mixed case or uppercase... :p

if it were for public use... then yah... :p (i might consider it then )

That's why I said to use htmlentities()...so that a user's username may be &amp;lt;hello&amp;gt; but will appear as <hello>

htmlentities() also takes care of a few other characters, if I remember correctly.

Originally posted by tekky
hehe, if I designed a username system for public use I might care... my login stuff is generally for me a and a select few friends who also prefer lowercase to mixed case or uppercase... :p

I guess then PolishGuy isn't one of your select few friends.

Then again, given the meaning of the word "noun", ID numbers are nouns.

Noticing that everyone on this page at least one uppercase letter cept for tekky.....

Either way, for the case of authentication, you could use strtolower if you wer going to check the DB like
WHERE lower(username) = '".strtolower($userName)."'

But I agree that actually changing the case of usernames would just bug me

Originally posted by stolzyboy
yep, and if you read the notes at the manual for [man]strip_tags[/man] there are many solutions to get around it, and is supposedly supposed to be fixed in PHP5

yup, 'tis. just tested.

Originally posted by tekky
lol no... but the Polish girl is... (my wife that is )

Well there you go then: somehow I suspect she wouldn't appreciate being called the "polish girl"...