Geoff Berrow <bl******@ckdog.co.ukwrote:
Message-ID: <op***************@misant.kabel.utwente.nlfrom Rik
contained the following:
>The way I usually handle it:
- I'll have a very retrictive character set for the username (usually
something like [a-zA-Z0-9_\s]+).
That's the thing I was looking for. And how would I use that with
preg_match? Just can't get my head round regex syntax, sorry.
Hmmz, correction, I seem to use [a-zA-Z0-9_-]
//checking on valid username, for instance when signing up.
$valid = !preg_match('/[^a-z0-9_-]/i',trim($_POST['username']));
//making the username valid when checking for inlog
$username = trim(preg_replace('/[^a-z0-9_-]/i',$_POST['username']));
Keep in mind you can get some lip from people wanting to use andré, garçon
etc... If they've got weird characters in their name they usually want it
in their username as well. It would be possible offcourse, but would
require a lot more checking and watching out for broken multibyte
strings. I'm lazy, so I just say that would be a security risk :-).
--
Rik Wasmus