If they are using PHP some charcters can do nasty stuff to a MYSQL database query.
Unless they use addslashes and stripslashes ....
but it's easier to just limit the input to alphanumeric
if (!preg_match("/^[a-z0-9]+$/i", $username)) {echo ("Alphanumeric characters only.") ; exit;}
Shame \o/ but it's what I'd do.
|