Username Field

BrentonEccles

When creating a username field, whats a script/code I should use to get php to check that the username is safe? eg: username only has numbers, letters, underscores?

Thanks for your help! 😃

NogDog

if(preg_match('/\W/', $username))
{
   // invalid
}

BrentonEccles

And that will prevent MySQL injection and such aswell??

NogDog

It will do exactly what you asked: check to see if there are any characters in the string which are not letter, numbers, or underscores.

As a serendipitous side-effect, any string which passes that test should be incapable of doing any SQL injection. But I would still process all user-supplied inputs through the applicable filter before using it in a query (e.g. [man]mysql_real_escape_string/man if using MySQL functions). This accords both with the concept of "layered security" along with the "trust nothing" mentality a good coder should have -- or with the concept of the man who wears a belt plus suspenders and carries a ball of string in his pocket just in case. 🙂