Planetarion Forums - View Single Post

(°> · 27 Aug 2003, 16:11

If they are using PHP some charcters can do nasty stuff to a MYSQL database query.
Unless they use addslashes and stripslashes ....
but it's easier to just limit the input to alphanumeric

if (!preg_match("/^[a-z0-9]+$/i", $username)) {echo ("Alphanumeric characters only.") ; exit;}

Shame \o/ but it's what I'd do.

27 Aug 2003, 16:11	#17
(°> lowly ensign Join Date: Aug 2001 Posts: 66	If they are using PHP some charcters can do nasty stuff to a MYSQL database query. Unless they use addslashes and stripslashes .... but it's easier to just limit the input to alphanumeric if (!preg_match("/^[a-z0-9]+$/i", $username)) {echo ("Alphanumeric characters only.") ; exit;} Shame \o/ but it's what I'd do.