PHP阻止提交符号

时间:2013-11-25 16:01:22

标签: php submit block symbols

如何阻止输入!@#$%^& *() _ 字母
这是我的代码

$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
    $query = htmlspecialchars(trim($query));
    $query = mysql_real_escape_string($query);
    $raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
}

1 个答案:

答案 0 :(得分:0)

$query = htmlspecialchars(trim($_GET['search']));
$min_length = 3;
if (strlen($query) >= $min_length) {
    if(preg_match('/^[A-Za-z0-9_]+$/',$query)){
        $query = htmlspecialchars(trim($query));
        $query = mysql_real_escape_string($query);
        $raw_results = mysql_query("SELECT * FROM skins WHERE (`username` LIKE '%" . $query . "%')") or die(mysql_error());
    } else {
        //do something if $query contains something else than alphanumeric and _ chars
    }
}