
Regex to avoid SQL attack in username field

Discussion in 'Programming' started by Jangga, Jan 6, 2017.

  1. Jangga

    I know it isn't foolproof to use regex in the username field; however, I am using the regex below. I still think it isn't foolproof. I just had to stop all special chars... But I really want to allow users to use hyphen & full stop if they prefer. It seems ucweb adds a space to the username field automatically (this is also a problem). I used the trim func in PHP but no way... Someone pls edit this code below

    if (preg_match('/[^\dA-Za-z\-\@\*\(\)\?\!\~\_\=\[\]]+/', $username))
    { echo "wrong inputs"; }
     
  2. Mex

    You had better use prepared statements; it is not that different, it just adds a few more steps but is totally worth it.
     
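An added example, not part of the original thread and not either poster's code, that combines a username allowlist permitting hyphen and full stop with the prepared statement suggested in the reply above. The function names, the `users` table, the 3-32 length limit and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; function names, table layout and the 3-32 length limit are assumptions.

/** Return the normalised username, or null if it is not acceptable. */
function normalise_username(string $raw): ?string
{
    // trim() only strips ASCII whitespace and NUL by default, so also strip
    // Unicode separators (e.g. U+00A0) and control/format characters at both ends.
    $name = preg_replace('/^[\s\p{Z}\p{C}]+|[\s\p{Z}\p{C}]+$/u', '', $raw);
    if ($name === null) {
        return null; // preg error, e.g. invalid UTF-8
    }
    // Allowlist: letters, digits, underscore, full stop, hyphen; 3-32 chars.
    // \A...\z anchors the whole string ($ would accept a trailing newline).
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1 ? $name : null;
}

/** Look a user up with a prepared statement: the value is bound, never concatenated. */
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->prepare('INSERT INTO users (username) VALUES (?)')->execute(['john.doe-1']);

// Constructed inputs: trailing space, trailing U+00A0, quote characters, inner space.
$samples = ["john.doe-1 ", "john.doe-1\u{00A0}", "bob' OR '1'='1", "a b"];
foreach ($samples as $raw) {
    $name = normalise_username($raw);
    if ($name === null) {
        echo json_encode($raw), " => wrong inputs\n";
        continue;
    }
    echo json_encode($raw), ' => ', json_encode(find_user($db, $name)), "\n";
}

// Independently of the format check, a bound value is only ever compared as data.
var_dump(find_user($db, "bob' OR '1'='1"));
```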
  3. tasburrfoot
