I would like to support UTF-8, but it has been explained to me that I have to use different functions as a result. (i.e. http://us3.php.net/mbstring)
Below is some code that I fear might “blow up” if I switch to UTF-8…
// Trim all Form data.
$trimmed = array_map('trim', $_POST);

// ************************
// Validate Form Data.    *
// ************************

// Validate First Name.
if (empty($trimmed['firstName'])){
    // No First Name.
    $errors['firstName'] = 'Enter your First Name.';
}else{
    // First Name Exists.
    if (preg_match('#^[A-Z \'.-]{2,30}$#i', $trimmed['firstName'])){
        // Valid First Name.
        $firstName = $trimmed['firstName'];
    }else{
        // Invalid First Name.
        $errors['firstName'] = 'First Name must be 2-30 characters (A-Z \' . -)';
    }
}//End of VALIDATE FIRST NAME

// Validate Username.
if (empty($trimmed['username'])){
    // No Username.
    $errors['username'] = 'Enter your Username.';
}else{
    // Username Exists.
    if (preg_match('~(?x)       # Comments Mode
        ^                       # Beginning of String Anchor
        (?=.{8,30}$)            # Ensure Length is 8-30 Characters
        .*                      # Match Anything
        $                       # End of String Anchor
        ~i', $trimmed['username'])){
        // Valid Username.

        // ******************************
        // Check Username Availability. *
        // ******************************

        // Build query.
        $q1 = 'SELECT id
               FROM member
               WHERE username=?';

        // Prepare statement.
        $stmt1 = mysqli_prepare($dbc, $q1);

        // Bind variable to query.
        mysqli_stmt_bind_param($stmt1, 's', $trimmed['username']);

        // Execute query.
        mysqli_stmt_execute($stmt1);

        // Store results.
        mysqli_stmt_store_result($stmt1);

        // Check # of Records Returned.
        if (mysqli_stmt_num_rows($stmt1)>0){
            // Duplicate Username.
            $errors['username'] = 'This Username is taken. Try again.';
        }else{
            // Unique Username.
            $username = $trimmed['username'];
        }
    }else{
        // Invalid Username.
        $errors['username'] = 'Username must be 8-30 characters.';
    }
}//End of VALIDATE USERNAME
There seem to be three areas where I could run into issues…
1.) array_map
2.) preg_match
3.) Prepared Statements
I see there is a Multi-Byte Regex, but am not sure how easily it would translate to my code?!
And as far as everything else, well, I just don’t know.
It would be nice to have a more “International” website/support, but I am wondering if I will break all of my code and expose my website to all kinds of Security Vulnerabilities by switching to UTF-8??
Any suggestions? :-/
Thanks,
Debbie
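An added example, not part of the original post: UTF-8-aware versions of the two preg_match checks above, run next to the posted patterns on constructed input so the byte-versus-character difference is visible. The helper names (clean_utf8, validate_first_name, validate_username) are hypothetical, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example, not the poster's code. Helper names are hypothetical.
// Assumes the mbstring extension is loaded (for mb_check_encoding).

function clean_utf8(string $raw): ?string {
    // trim() strips only ASCII whitespace bytes, which never occur inside
    // a UTF-8 multi-byte sequence, so it is safe on UTF-8 input.
    $s = trim($raw);
    // Reject malformed byte sequences before any pattern sees them.
    return mb_check_encoding($s, 'UTF-8') ? $s : null;
}

function validate_first_name(string $raw): ?string {
    $name = clean_utf8($raw);
    if ($name === null) return null;
    // /u: pattern and subject are UTF-8, so {2,30} counts characters.
    // \p{L} = any letter, \p{M} = combining marks (accents).
    $ok = preg_match('#^[\p{L}\p{M} \'.-]{2,30}$#u', $name) === 1;
    return $ok ? $name : null;
}

function validate_username(string $raw): ?string {
    $user = clean_utf8($raw);
    if ($user === null) return null;
    // With /u the dot matches one character; without it, one byte.
    return preg_match('~^.{8,30}$~u', $user) === 1 ? $user : null;
}

// Constructed sample inputs; the last name is deliberately malformed UTF-8.
$names = ['Debbie', 'Zoë', "O'Brien", 'José-María', 'R2D2', "\xC3\x28bad"];
foreach ($names as $n) {
    $old = preg_match('#^[A-Z \'.-]{2,30}$#i', $n);   // pattern from the post
    $new = validate_first_name($n) !== null ? 1 : 0;
    printf("name %-30s old=%d new=%d\n", rawurlencode($n), $old, $new);
}

// "пароль" is 6 characters but 12 bytes: the byte-counting pattern from
// the post accepts it as 8-30 long, the /u version rejects it.
$users = ['debbie_2024', 'пароль', 'пользователь'];
foreach ($users as $u) {
    $old = preg_match('~^(?=.{8,30}$).*$~i', $u);     // pattern from the post
    $new = validate_username($u) !== null ? 1 : 0;
    printf("user %-30s bytes=%d chars=%d old=%d new=%d\n",
        $u, strlen($u), mb_strlen($u, 'UTF-8'), $old, $new);
}
```

The prepared statement itself needs no change for UTF-8; what matters on that side is that the connection charset matches the data, for example by calling mysqli_set_charset($dbc, 'utf8mb4') after connecting.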