None Pro None Pro - 4 months ago 20
MySQL Question

Space as first character

So I have a little problem Im facing at the moment, the registration and login works just fine but there's one glitch in it. If you only enter space as Username (basically press space few times and thats it) it will actually let you register, and same goes for the login.

if(isset($_POST['submit'])) { //kada kliknu dugme submit
if(!empty($nameX) || !empty($passX)) {
if($XX == true) {
if($passX == GetPlayerPassword($nameX)) {
echo "Dobrodosli nazad!";
header( 'Location: http://www.youtube.com/' );
}
else {
header( 'Location: ../main.php' );
}
}
else {
global $handler;
echo "Novi account registrovan! Dobrodosli!";
$tmpQuery = "INSERT INTO registrovani (Username, Password) VALUES ('".$nameX."','".$passX."')";
mysqli_query($handler,$tmpQuery);
}
}
else if(empty($nameX) || empty($passX)){
header( 'Location: ../main.php' );
}
}


So basically I can just register by pressing space few times in order to avoid username and password entry.

Answer

Use trim to remove leading and trailing spaces in the username before inserting the new record in the database.
You also probably want to add some code to reject registration in case the login the username is made only of spaces.

$nameX = trim($_POST['name']);
if ($nameX == '') {
   // registration rejected
}
else {
  // insert the record in the database
}

You should use trim when a user is logging in too.

Comments