Reguser, Data Clensing and Guest log ins

Callan S. · Post by **Callan S.** » Wed Mar 21, 2012 1:33 am

I'm redoing a bit the tutorials reguser.php. I'm just wondering if the following pretty much clenses the data thoroughly?

Code: Select all

    $player=$_POST['player'];
    $player=strip_tags($player);
    $player=mysql_real_escape_string($player);

    $password=$_POST['password'];
    $password=strip_tags($password);
    $password=mysql_real_escape_string($password);

    $pass2=$_POST['pass2'];
    $pass2=strip_tags($pass2);
    $pass2=mysql_real_escape_string($pass2);

    $email=$_POST['email'];
    $email=strip_tags($email);
    $email=mysql_real_escape_string($email);

And I was wondering what's a good way to do guest log ins. I was thinking of having a count stored in the database and every time someone wants to play as a guest that count would be incremented and that number used on the end of 'guest' as the user name? Or should I use some sort of while loop to count the number of players with 'guest' in their name?

Chris · Post by **Chris** » Wed Mar 21, 2012 2:10 am

Yeah, that should make it safe. Although if you are wanting to learn a better practice. Look at the code you are constantly repeating. For each variable you are calling two functions to make them into "safe" strings.

So the idea is to make a new "safe_string" object or function.

Code: Select all

function safe_string($str)
{
    return strip_tags( mysql_real_escape_string($str) );
}

$player = safe_string($_POST['player']);
$password= safe_string($_POST['password']);
// pass2 shouldn't need this
// $pass2= safe_string($_POST['pass2']);
$email= safe_string($_POST['email']);

Also, I prefer allowing special characters in passwords as they will be encrypted before they are submitted to the database. You shouldn't need to use this on the password at all.

Reguser, Data Clensing and Guest log ins

Reguser, Data Clensing and Guest log ins

Re: Reguser, Data Clensing and Guest log ins