How to apply proper validations for username input with php?

Question

Am working on a signup form which has an input for username, gender, email and password. I have successfully added validations am pleased with to the 3 except for the username input which am facing a single problem. I will like to apply a validation to my username input which checks if input has at least 3 letters (upper or lowercase) e.g.

I want the results be something like this:

Input=abc
count=3
result=accept!
--------------
Input=XYZQW
count=5
result=accept!
--------------
Input=A/_B
count=2
result=Not acceptable!

But now it counts everything such as / or _ or ( or etc... as letters

below is my php code which i have applied few validations

<?php
$username = mysqli_real_escape_string($db, $_POST['username']);
        if (empty($username)) {
            $error_class = 'input_error';
        } elseif (strlen($username) < 3) {
            $error= '<font color="red">Your user name must be atleast 3 characters</font>';
            $error_class = 'input_error';
        } elseif (strlen($username) > 15) {
            $error= '<font color="red">Your user name is too long</font>';
            $error_class = 'input_error';
        } elseif (!preg_match("/^[A-Za-z0-9_\.]+$/ ", $username)) {
            $error = '<font color="red">Your user name must be in letters with either a number, underscore or a dot</font>';
            $error_class = 'input_error';
        } else {
            $check_uname = "SELECT * FROM users WHERE username = '$username'";
            if (!$result = mysqli_query($db_var, $check_uname)) {
                exit(mysqli_error($db_var));
            }
            if (mysqli_num_rows($result) > 0) {
                $error = '<font color="red"><b>'.$username.'</b> is already in use</font>';
                $error_class = 'input_error';
            } else {
                $error_class = 'input_no_error';
            }
        }
?>

Okay, and what is the result of your current code? How does it differ from what you want? What have you tried to resolve the issue? — Patrick Q, Jul 18 '18 at 18:50
Don't rely on the `real_escape_string()` functions to prevent SQL injection, [they alone are not sufficient](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. — Alex Howansky, Jul 18 '18 at 18:53
i tried adding `(strlen(!preg_match("/^[A-Za-z0-9_\.]+$/ ", $username)) < 3)` but my code always echo the validation "your user name must be at least 3 characters" even if the users inputted only 2 or 5 or more letters — , Jul 18 '18 at 18:53
@PatrickQ He wants to accept `aaa` and more than 3 letters not `aa_` because `_` is not a letter — Mobin F.R.G, Jul 18 '18 at 18:54
@Saron Did you try to replace non-letters in the string and then use strlen? For example: Input=>`a10(b` ==> replace `10(` ==> count the letters — Mobin F.R.G, Jul 18 '18 at 18:56
@MobinF.R.G I understand that. But this post is just a list of requirements and a code dump. There actually isn't even a question at all. This is not how proper posts here are constructed. OP is expected to explain their issue in detail. — Patrick Q, Jul 18 '18 at 18:56

score 0 · Accepted Answer · edited Jun 20 '20 at 09:12

You should preg_replace() your username and remove any non-letter characters and use strlen() to get the length.

This is how you should do :

$username = "aBd_$/"; //Actually 6
$editedusername = preg_replace('/[^a-zA-Z]/m', '', $username);
$count=strlen($editedusername); //But it returns 3
echo $count;

The input value is actually 6 characters containing _ and $ and / but you don't need them so it will return 3 which are a and B and d.

Let me know if you have any problem with the code!

How to apply proper validations for username input with php?

1 Answers1