I am making a registration/login form for my site but I came across a problem... I am trying to make the input strings from the name and surname fields as clean as possible. I tried many premade functions to search strings and not let users use special chars like @#$%^&*(){}" etc., but when a user writes their name or surname in Greek chars without special chars, the function reads special chars. Below is the code:

$required_fields = array('name', 'surname', 'email', 'password', 'confirm_password');
$wrong_chars = "0123456789!@#$%^&*()+=-[]';,./{}|:<>?~";

foreach($required_fields as $field) {
    if($_POST[$field] == '') {
        $errors[] = "All Fields are required.";
        break;
    }
}

if(empty($errors)) {
    if(strpbrk($name,$wrong_chars) !== false) {
        $errors[] = "You can't use special characters on field: Name.";
    }
    else if(strpbrk($surname,$wrong_chars) !== false){
        $errors[] = "You can't use special characters on field: Surname.";
    }
}

Any help here, and any suggestion for a better algorithm, would be appreciated. Thanks in advance.

Thanagor
  • "*Trying to avoid sql injections*" - then use prepared statements, and convert your script to accept UTF-8 (so it accepts greek letters). See [UTF-8 All The Way Through](http://stackoverflow.com/questions/279170/utf-8-all-the-way-through) and [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Qirel Jan 08 '16 at 20:50

1 Answer

You can't take this approach because a lot of members have names with special chars, but if you want to do this you can use the ctype_alnum() function like this:

$user = array();
$errors = array(); // initialise so var_dump() below never sees an undefined variable
$required_fields = array('name', 'surname', 'email', 'password', 'confirm_password');

// Collect every submitted field, recording an error for each missing one
foreach($required_fields as $field) {
    if(!array_key_exists($field,$_POST) || empty($_POST[$field])) {
        $errors[] = "$field field are required.";
    } else {
        $user[$field] = htmlentities($_POST[$field],ENT_QUOTES,'UTF-8');
    }
}
$user = (object)$user;
// Only check the characters once all required fields are present
if(empty($errors)) {
    if(!ctype_alnum($user->name)) {
        $errors[] = "You can't use special characters on field: Name.";
    } elseif(!ctype_alnum($user->surname)) {
        $errors[] = "You can't use special characters on field: Surname.";
    }
}
var_dump($errors);
Moon
  • Doesn't work... I still enter names like hello!@#SSFASD and it's being accepted... – Thanagor Jan 09 '16 at 00:00
  • Can you tell me what is printed with: echo (!ctype_alnum(htmlentities('hello!@#SSFASD',ENT_QUOTES,'UTF-8')))?0:1; – Moon Jan 09 '16 at 00:29
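
Added example (not code from the question, the answer or the comments): a sketch of the approach Qirel's comment points to, validating names as UTF-8 code points with a Unicode-aware pattern, storing them through a prepared statement, and escaping only at output. The helper name `validate_person_name()`, the 64-character limit, the allowed separators and the in-memory SQLite table are assumptions; it needs PHP 7.1+ with the mbstring and pdo_sqlite extensions.

```php
<?php
// Added example. validate_person_name() is a hypothetical helper, not from the thread.

/**
 * Accept letters from any script (Greek included), combining marks, and the
 * separators real names use: space, hyphen, apostrophe.
 * Returns the trimmed name, or null when the input is not acceptable.
 */
function validate_person_name(string $raw, int $maxLen = 64): ?string
{
    // Reject byte sequences that are not valid UTF-8 before anything else.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    $name = trim($raw);
    $len = mb_strlen($name, 'UTF-8');
    if ($len < 1 || $len > $maxLen) {
        return null;
    }
    // The /u flag makes PCRE match code points, not bytes (unlike strpbrk/ctype_alnum).
    // First character must be a letter; the rest may be letters, marks or separators.
    if (preg_match('/^\p{L}[\p{L}\p{M}\' -]*\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Constructed sample inputs.
$samples = ['Γιώργος', "O'Brien", 'Anne-Marie', 'hello!@#SSFASD', 'R2D2', "x'; DROP TABLE users;--"];
foreach ($samples as $s) {
    printf("%-28s %s\n", $s, validate_person_name($s) === null ? 'rejected' : 'accepted');
}

// Validation is about data quality; SQL injection is handled by bound parameters.
$pdo = new PDO('sqlite::memory:'); // stands in for the site's real database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, surname TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (name, surname) VALUES (:name, :surname)');
$stmt->execute([
    ':name'    => validate_person_name('Γιώργος'),
    ':surname' => validate_person_name("O'Brien"), // the apostrophe is stored safely
]);

// Escape at output time, not before validation or storage.
foreach ($pdo->query('SELECT name, surname FROM users') as $row) {
    echo htmlspecialchars($row['name'] . ' ' . $row['surname'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The form page and the database connection both have to use UTF-8 for the raw `$_POST` values to reach this check as real Greek letters.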