2013-11-25 44 views
0

我如何從輸入塊!@#$%^ * &()_字母
這是我的代碼PHP模塊提交符號

$query = htmlspecialchars(trim($_GET['search'])); 
$min_length = 3; 
if (strlen($query) >= $min_length) { 
    $query = htmlspecialchars(trim($query)); 
    $query = mysql_real_escape_string($query); 
    $raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error()); 
} 
+1

「^ [A-ZA-Z _] * $」 應爲如果允許大寫和小寫 – DevlshOne

+0

工作,爲什麼這行$查詢=用htmlspecialchars(TRIM( $ query));你已經在if之前做了這個? – Pwner

+0

你仍然需要去和**勾選正確的答案**:[這裏](http://stackoverflow.com/questions/20029234/mysql-get-random-username/20029355#20029355)。 – Jimbo

回答

0
$query = htmlspecialchars(trim($_GET['search'])); 
$min_length = 3; 
if (strlen($query) >= $min_length) { 
    if(preg_match('/^[A-Za-z0-9_]+$/',$query)){ 
     $query = htmlspecialchars(trim($query)); 
     $query = mysql_real_escape_string($query); 
     $raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error()); 
    } else { 
     //do something if $query contains something else than alphanumeric and _ chars 
    } 
}