My friend told me one password for logging in some site having no proper sql written in the php code for MySQL.
Give username anyone that you like and give password as ' OR 1=1 # and click the login button, I tried that in some of the sites. It allows to log in.
I tried the same to my developed site. It did not allow. I have also written the same query but having proper quotes.
Be careful while writing your script.
Thanks for your # problem...
Thanks & Regards
Udayakumar Sarangapani
Sr. PHP Developer
CompIndia Infotech Pvt. Ltd.
Chennai.
"Science is nothing but logic..."
----- Original Message ----
From: Sudhakar <finals27@xxxxxxxxx>
To: php-objects@xxxxxxxxxxxxxxx
Sent: Monday, 26 May, 2008 1:20:41 PM
Subject: validating username
i have used the following code to validate the username it is working fine
============ ========= ========= ========= ======
if( $username == "" || !preg_match( "/^[a-z0- 9]+(?:_[a- z0-9]+)?$ /i",
$username) )
{
$error.="User name cannot be blank or has special characters";
}
============ ========= ========= ========= ======
it does not accept UNDERSCORE at the beginning or end however while i
was testing with different special characters except for # the
validation works fine for all other special characters.
for example if i enter the user name as = abc#123
in this case # sign and what comes after # sign is being ignored. so
in this case the username is being read as abc ONLY and not abc#123
this is very strange, how can i still validate # sign and tell the
user that # sign is not a valid username like i have been doing with
any other special characters like = !@$.......... ..
please advice.
thanks.
Did you know? You can CHAT without downloading messenger. Go to http://in.messenger.yahoo.com/webmessengerpromo.php/
[Non-text portions of this message have been removed]
