-3

这是我的代码:

<tr class="top">
                <th><label for="userName"><?php echo NICKNAME; ?></label></th>
                <td>
                    <input id="userName" class="text" name="name" maxlength="15"        type="text" value="<?php echo $form->getValue('name'); ?>">
                    <span class="error"><?php echo $form->getError('name'); ?></span>
                </td>
            </tr>

我想防止特殊字符(如 ^ < > !' + % &)和其他字符(ç i ğ ü ö)

完整的 PHP 文件: http: //pastebin.com/RBQ2TF6S

我需要这个代码,请简单地告诉我..

谢谢你。

编辑:我的语言文件:

define("USRNM_EMPTY","(Kullanıcı adı boş)");
define("USRNM_TAKEN","(İsim zaten kullanımda.)");
define("USRNM_SHORT","(min. ".USRNM_MIN_LENGTH." figures)");
define("USRNM_CHAR","(Geçersiz Karakterler)");

EDIT2:或者我们可以阻止注册 db_mysql.php

function register($username, $password, $email, $tribe, $act) {
    $time = time();
    $timep = (time() + PROTECTION);
    $q = "INSERT INTO " . TB_PREFIX . "users (username,password,access,email,timestamp,tribe,act,protect,lastupdate,regtime) VALUES ('$username', '$password', " . USER . ", '$email', $time, $tribe, '$act', $timep, $time, $time)";
    if(mysql_query($q, $this->connection)) {
        return mysql_insert_id($this->connection);
    } else {
        return false;
    }
}
4

1 回答 1

0
function register($username, $password, $email, $tribe, $act) {
    $time = time();
    $timep = (time() + PROTECTION);
    if (ctype_alnum($username)) {
      $q = "INSERT INTO " . TB_PREFIX . "users (username,password,access,email,timestamp,tribe,act,protect,lastupdate,regtime) VALUES ('$username', '$password', " . USER . ", '$email', $time, $tribe, '$act', $timep, $time, $time)";
      if(mysql_query($q, $this->connection)) {
          return mysql_insert_id($this->connection);
      } else {
          return false;
      }
    } else {
      return false;
    }
}
于 2013-01-12T10:54:46.290 回答