如何阻止输入!@#$%^& *()仅 _ 和字母?
这是我的代码
$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
$query = htmlspecialchars(trim($query));
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
}
答案 0 :(得分:0)
$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
if(preg_match('/^[A-Za-z0-9_]+$/',$query)){
$query = htmlspecialchars(trim($query));
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
} else {
//do something if $query contains something else than alphanumeric and _ chars
}
}