registration form checking order in php?

Question

i have a problem with this registration form, im checking the password and username, this is the process im doing it in?

php:

$username = mysql_real_escape_string($_POST['username']);
 $password = md5(mysql_real_escape_string($_POST['pass']));


    //check if username is valid
        if (ereg("^[a-zA-Z0-9_\-]+$", $username)){

             die(msg(0,"oOps, This username is not valid, only numbers, letters and underscores allowed"));

        }

        // check if password is more than 6

    if(strlen($password) < 6){

       die(msg(0,"oOps, The password has to be more than 6 characters, be tricky!"));
    }

but i type the user, password correctly, but its still giving me the errors shown, is thier something wrong with the checking :)) thanks

Answer 1

It doesn't make sense to check the validity of $username after passing it through mysql_real_escape_string() since that function will escape certain characters, and the resultant 'username' will end up containing '\' characters, and therefore always fail your regexp.

(Also, you appear to be checking for a username, and die()ing if it's valid. Are you sure that code is exactly how you're written it?)

Likewise, it doesn't make any sense to check the length of $password after passing it through md5(). md5() will convert anything into a 32-character string, so that condition will always fail.

P.S.

// check if password is more than 6

if(strlen($password) < 6){

If you're going to over-comment code, at least make sure the comment is accurate! ;-)