my question is about validation using php. i am validating a username which a user would enter and clicks on a image to find if that username is available. example if a user enters abc#123 php file is reading this value as abc ONLY which i do not want instead the php file should read as abc#123. following is the sequence of pages. please advice the solution. first page = register.php here a user enters a username and clicks on an image to find out if the username is available or not. using a javascript function of onclick i am reading the value entered in the form in javascript as ============================================= var useri = document.registrationform.username var valueofuseri = document.registrationform.username.value var recui = /^\s{1,}$/g; if ((useri.value==null) || (useri.value=="") || (useri.length=="") || (useri.value.search(recui))> -1) { alert("Please Enter a User Name") return false } window.open("checkusernamei.php?theusernameis="+valueofuseri, "titleforavailabilityi", "width=680, height=275, status=1, scrollbars=1, resizeable=yes"); ============================================ i have used a alert message in javascript to display the value, javascript is able to capture all the characters entered which is abc#123 second page = checkusernamei.php = this file uses GET to read what was entered in the form. ============================================ $username = $_GET["theusernameis"]; if( $username == "" || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $username) ) { echo "username is blank or has special characters"; } ============================================ the # sign is being ignored only if the image is clicked in order to check the username, if the user enters abc#123 and clicks the submit button without clicking on the checkuser image button then my php validation for username shows an error message. ============================================================== if( $username == "" || !preg_match("/^[a-z0-9]+(?:_[a-z0-9]+)?$/i", $username) ) { echo "display error message for username"; } ============================================================== now the problem is with clicking the image only and passing the value to checkusernamei.php using GET method i have also used an echo statement in checkusernamei.php as echo "value of username is ". $username; = this displays abc and not abc#123 how can i fix this problem wherein checkusernamei.php will be able to read abc#123. also in this checkusernamei.php file i have a select query which will read if the username already exists in the table. presently as checkusernamei.php is reading abc ONLY the select query is also passing abc and not abc#123 $select = "Select username from table where username = '$username'"; please advice. thanks.
# is a special character in url and should be encoded. You have to urlencode special characters, not just concatenate strings in javascript: http://lab.artlung.com/urlencode/ Explore this simple php example and see the difference between its and your query string (just enter something containing # or any other special characters): <? echo @$_GET['text']; echo '<form action=""><input type="text" name="text" /><input type="submit" /></form>'; ?> PHP:
thanks for replying i have another question. in the form if a user presses space bar and creates blank spaces i would like to validate this and display a error message. following is the code note= i am using technique for avoid sql injection ======================================================== if(get_magic_quotes_gpc()) { $lodgementnumber = stripslashes($_POST["lodgementnumber"]); } else { $lodgementnumber = trim($_POST["lodgementnumber"]); } if($lodgementnumber == "" || empty($lodgementnumber)) { $error = 'reference number cannot be blank'; } ======================================================== this code is not able to recognize when i press the space bar and create blank spaces. i have also tried the following if($lodgementnumber == "" || strlen($lodgementnumber) == 0 ) {} even this is not working. please advice how i can fix this. thanks
To find spaces in the string try: if(strpos($_GET["theusernameis"], ' ')) { echo('space found'); } else { echo('no spaces found'); } PHP: strpos searches for the first occurence of a string (the 'needle' which in our case is a space) in the 'haystack' which is the form field. If it doesn't find a space it will return false.