My website has an opt-in member directory. Currently, the error checking function simply looks at the form $_POST to see if (!empty($userRealName)) and then allows the member to appear in the list.

It took about 30 minutes for someone to show up as a blank name in the list, and upon examination of the database I've determined it's because their "real name" is " " - in other words, a single space.

So, clearly that blows right through my simple !empty() check. Where do I go from here to enforce users needing a name to be listed in the directory?

A: 

trim()

Col. Shrapnel
+3  A: 

Use trim to remove blank characters in the beginning and end of the string. Also try to enforce which characters are allowed in the field, for example with preg_match or filter_var.

Emil Vikström
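An added example, not code from either answer, combining the two suggestions above: strip surrounding whitespace, then check the result against an allow-list with preg_match. The function name normalizeRealName, the 64-character limit and the permitted punctuation are assumptions made for illustration. It goes one step beyond trim(), which only strips ASCII whitespace, so a name made of a non-breaking or zero-width space is rejected as well.

```php
<?php
// Added example; normalizeRealName() is a hypothetical helper.

/**
 * Returns the cleaned name, or null when the member must not be listed.
 */
function normalizeRealName($raw): ?string
{
    // A $_POST value can be an array (name[]=x), so check the type first.
    if (!is_string($raw)) {
        return null;
    }

    // Strip leading/trailing Unicode separators (\p{Z}: space, NBSP, ...)
    // and control/format characters (\p{C}: tab, newline, zero-width space).
    // preg_replace() returns null if the input is not valid UTF-8.
    $name = preg_replace('/^[\p{Z}\p{C}]+|[\p{Z}\p{C}]+\z/u', '', $raw);
    if ($name === null || $name === '') {
        return null;
    }

    // Collapse internal runs of whitespace to a single ASCII space.
    $name = preg_replace('/[\p{Z}\s]+/u', ' ', $name);
    if ($name === null) {
        return null;
    }

    // Allow-list (assumed policy): starts with a letter, then letters,
    // combining marks, space, period, apostrophe or hyphen; 64 chars max.
    if (!preg_match('/^\p{L}[\p{L}\p{M} .\'-]{0,63}\z/u', $name)) {
        return null;
    }
    return $name;
}

// Constructed sample inputs, including the single space from the question.
$samples = [' ', "\u{00A0}", "\u{200B}", "  Ann   Lee \n", "O'Brien",
            '<b>x</b>', ['not', 'a', 'string']];

foreach ($samples as $input) {
    $clean = normalizeRealName($input);
    echo json_encode($input), ' => ',
         $clean === null ? 'rejected' : "listed as \"$clean\"", PHP_EOL;
}
```

Store the returned value rather than the raw field, and still escape it with htmlspecialchars() when rendering the directory.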