Should I limit which characters a User can use when creating his/her “Username”??
I am using Prepared Statements, so SQL Injection shouldn’t be an issue, however , at the very least it would be annoying to have a User choose ~!@#$%^&*()_+ as a Username…
What do you think?
Debbie
Certainly messy usernames are no fun to read. There is a limit to what characters you can use in an email address and on sites like Twitter (letters, digits, underscore and period, I think), so it seems fair enough to set limits like that.
Well I’d remove anything that can conflict with SQL databases, or cause errors. I’m not sure if semi colons or any of those mess with it (even if it’s parsed as a string).
I’d resetrict users to all numbers and letters anyway. Personally. If I had many many users potentially I’d open the door to dashes and periods so all users canfind a unique name easily.
Actually, there are virtually no characters that you cannot use in E-mails these days.
I lean towards…
if (preg_match('#^[A-Z \\'.-]{8,30}$#i', $trimmed['username'])){
…but maybe “wide open” is better?
Since I am using Prepared Statements and don’t use Username as my Primary Key - although it is unique - I guess I can be a little more flexible?!
Debbie