By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,742 Members | 1,227 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,742 IT Pros & Developers. It's quick & easy.

validating username

P: n/a
i have used the following code to validate the username it is working
fine

=============================================
if( $username == "" || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i",
$username) )
{
$error.="User name cannot be blank or has special characters";
}
=============================================

it does not accept UNDERSCORE at the beginning or end however while i
was testing with different special characters except for # the
validation works fine for all other special characters.

for example if i enter the user name as = abc#123

in this case # sign and what comes after # sign is being ignored. so
in this case the username is being read as abc ONLY and not abc#123

this is very strange, how can i still validate # sign and tell the
user that # sign is not a valid username like i have been doing with
any other special characters like = !@$...........

please advice.

thanks.
Jun 2 '08 #1
Share this Question
Share on Google+
5 Replies


P: n/a
..oO(Sudhakar)
>i have used the following code to validate the username it is working
fine

=============================================
if( $username == "" || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i",
$username) )
{
$error.="User name cannot be blank or has special characters";
}
=============================================

it does not accept UNDERSCORE at the beginning or end however while i
was testing with different special characters except for # the
validation works fine for all other special characters.

for example if i enter the user name as = abc#123

in this case # sign and what comes after # sign is being ignored. so
in this case the username is being read as abc ONLY and not abc#123
Ignored by whom? Does $username contain the full name including the '#'?
Then preg_match() shouldn't have a problem with it.

Micha
Jun 2 '08 #2

P: n/a
Sudhakar wrote:
i have used the following code to validate the username it is working
fine

=============================================
if( $username == "" || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i",
$username) )
{
$error.="User name cannot be blank or has special characters";
}
=============================================

it does not accept UNDERSCORE at the beginning or end however while i
was testing with different special characters except for # the
validation works fine for all other special characters.

for example if i enter the user name as = abc#123

in this case # sign and what comes after # sign is being ignored. so
in this case the username is being read as abc ONLY and not abc#123

this is very strange, how can i still validate # sign and tell the
user that # sign is not a valid username like i have been doing with
any other special characters like = !@$...........

please advice.

thanks.
Use \w, it's locale-specific, and includes underscore. It's simply:

preg_match('/^\w+$/', $string);

I'm not sure if this is what you meant.

--
Curtis
Jun 2 '08 #3

P: n/a
..oO(Sudhakar)
>On May 26, 3:13 pm, Michael Fesser <neti...@gmx.dewrote:
>>
Ignored by whom? Does $username contain the full name including the '#'?
Then preg_match() shouldn't have a problem with it.

thanks for replying. i have looked at the process and realised that i
am using GET method. following is the page sequence.

first page = register.php here a user enters a username and clicks on
an image to find out if the username is available or

not. using a javascript function of onclick i am reading the value
entered in the form in javascript as
=============================================
var useri = document.registrationform.username
var valueofuseri = document.registrationform.username.value

var recui = /^\s{1,}$/g;

if ((useri.value==null) || (useri.value=="") || (useri.length=="") ||
(useri.value.search(recui))-1)
{
alert("Please Enter a User Name")
return false
}

window.open("checkusernamei.php?theusernameis="+v alueofuseri,
"titleforavailabilityi", "width=680, height=275, status=1,

scrollbars=1, resizeable=yes");
What happens if there's no JS available or not enabled on the client?
Is there another server-side check?

Anyway, your JavaScript causes the problem. If the user name contains a
"#" like in "foo#bar" for example, you'll end up with a URL like this:

checkusernamei.php?theusernameis=foo#bar

But the '#' separates a URL from a fragment identifier, so all the
server will see here is just "checkusernamei.php?theusernameis=foo".

If such special chars are allowed in user names, you have to URL-encode
them. In a normal form submission the browser does this automatically,
but here you have to do it manually. Maybe there's already a JS function
available for that, I don't know.

Micha
Jun 2 '08 #4

P: n/a
On May 28, 4:36 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Sudhakar)
On May 26, 3:13 pm, Michael Fesser <neti...@gmx.dewrote:
Ignored by whom? Does $username contain the full name including the '#'?
Then preg_match() shouldn't have a problem with it.
thanks for replying. i have looked at the process and realised that i
am using GET method. following is the page sequence.
first page = register.php here a user enters a username and clicks on
an image to find out if the username is available or
not. using a javascript function of onclick i am reading the value
entered in the form in javascript as
=============================================
var useri = document.registrationform.username
var valueofuseri = document.registrationform.username.value
var recui = /^\s{1,}$/g;
if ((useri.value==null) || (useri.value=="") || (useri.length=="") ||
(useri.value.search(recui))-1)
{
alert("Please Enter a User Name")
return false
}
window.open("checkusernamei.php?theusernameis="+va lueofuseri,
"titleforavailabilityi", "width=680, height=275, status=1,
scrollbars=1, resizeable=yes");

What happens if there's no JS available or not enabled on the client?
Is there another server-side check?

Anyway, your JavaScript causes the problem. If the user name contains a
"#" like in "foo#bar" for example, you'll end up with a URL like this:

checkusernamei.php?theusernameis=foo#bar

But the '#' separates a URL from a fragment identifier, so all the
server will see here is just "checkusernamei.php?theusernameis=foo".

If such special chars are allowed in user names, you have to URL-encode
them. In a normal form submission the browser does this automatically,
but here you have to do it manually. Maybe there's already a JS function
available for that, I don't know.

Micha
thanks for replying. javascript is able to read with the # sign, so
should i use url-encode in javascript or in php. please advice.
Jun 2 '08 #5

P: n/a
Greetings, Sudhakar.
In reply to Your message dated Thursday, May 29, 2008, 23:55:03,
>Ignored by whom? Does $username contain the full name including the '#'?
Then preg_match() shouldn't have a problem with it.
>thanks for replying. i have looked at the process and realised that i
am using GET method. following is the page sequence.
>first page = register.php here a user enters a username and clicks on
an image to find out if the username is available or
>not. using a javascript function of onclick i am reading the value
entered in the form in javascript as
=============================================
var useri = document.registrationform.username
var valueofuseri = document.registrationform.username.value
>var recui = /^\s{1,}$/g;
>if ((useri.value==null) || (useri.value=="") || (useri.length=="") ||
(useri.value.search(recui))-1)
{
alert("Please Enter a User Name")
return false
}
>window.open("checkusernamei.php?theusernameis="+v alueofuseri,
"titleforavailabilityi", "width=680, height=275, status=1,
>scrollbars=1, resizeable=yes");

What happens if there's no JS available or not enabled on the client?
Is there another server-side check?

Anyway, your JavaScript causes the problem. If the user name contains a
"#" like in "foo#bar" for example, you'll end up with a URL like this:

checkusernamei.php?theusernameis=foo#bar

But the '#' separates a URL from a fragment identifier, so all the
server will see here is just "checkusernamei.php?theusernameis=foo".

If such special chars are allowed in user names, you have to URL-encode
them. In a normal form submission the browser does this automatically,
but here you have to do it manually. Maybe there's already a JS function
available for that, I don't know.
thanks for replying. javascript is able to read with the # sign, so
should i use url-encode in javascript or in php. please advice.
You'd better use POST method instead of GET, but if GET is absolutely
required, encode data before sending to server.
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>

Jun 27 '08 #6

This discussion thread is closed

Replies have been disabled for this discussion.