My website has an opt-in member directory. Currently, the error checking function simply looks at the form $_POST to see if (!empty($userRealName))
and then allows the member to appear in the list.
It took about 30 minutes for someone to show up as a blank name in the list, and upon examination of the database I've determined it's because their "real name" is - in other words, a single space.
So, clearly that blows right through my simple !empty()
check. Where do I go from here to enforce users needing a name to be listed in the directory?