take away codetags

guest

ok for this site

http://www.suidroot.com/create.php?core=spawn

you could register as the name "<script>" then have a javascript command n stuff.. so how would you be able to fix this by not allowing anything with "<" ">", with no code tags of anykind

rehfeld

usually you decide upon a list of characters which are allowed in a username, and make sure the username entered abides by the rules. if not, deny the username.

like for example, this would make sure every character is
either a letter, number, or - or _


if (preg_match('#[^A-Za-z0-9_-]#', $username)) {
    // bad username
} else {
    // acceptable
}

guest

wait so will that script accept or not accept "<" and ">", and what would be the code so that no cot tags are accepted

"< - >"??

Frederick

You could use strip_tags() function and allow only those tags by listing them. PHP will stript all tags not listed.

Strip All
<?php strip_tags($text); ?>

Allow links, font, bold,underline
<?php strip_tags($text,"<a>,<font>,<b>,<u>"); ?>

planetsim

You can also convert the < to there special characters code using htmlentities

tsinka

Hi,

what about changing the pattern a little bit:

if (!preg_match('#^[A-Za-z0-9_-]{5,}$#', $username)) {
    // bad username
} else {
    // acceptable
}

That should check if the username has at least 5 characters and contains only the given characters.

Thomas