how can I block from input !@#$%^&*() only _ and alphabet ?
This is my code
$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
$query = htmlspecialchars(trim($query));
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
}
$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
if(preg_match('/^[A-Za-z0-9_]+$/',$query)){
$query = htmlspecialchars(trim($query));
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
} else {
//do something if $query contains something else than alphanumeric and _ chars
}
}
