Unable to remove White Spaces from Username

Question

I am trying to remove Space in username but something is wrong. My 1 other condition keep running. Even when i put username without space, it is not working

Here is my code

$username   = trim($_POST['username']);
  $username     = strip_tags($username);
  $username     = htmlspecialchars($username);

     // username validation
  if (empty($username)) {
   $error = true;
   $usernameError = "Please enter your username.";
  } else if (strlen($username) < 3) {
   $error = true;
   $usernameError = "Username must have at least 3 characters.";
  } else if (preg_match("/^(?=.*[a-z])(?=.*[0-9])[a-z0-9][a-z0-9_]{1,6}[a-z0-9]$/", $username)) {
   $error = true;
   $usernameError = "Username must contain alphabets and numbers.";
  }

I can't see why you'd want to use all that code and for a username. You could be causing more harm than good by doing that. — Funk Forty Niner, Jun 14 '20 at 04:31
I agree with Funk it is not a common practice to impose username character requirements like this -- I always like to use mickmackusa as my screen names, but your filters would not allow it. You are also forbidding uppercase letters. I would be using `strlen()` and `ctype_alnum()` at the most -- no regex is necessary. Or if you NEED to include underscores, then use regex `~^\w{3,}$~`. No stripping, no decoding. Think it over. — mickmackusa, Jun 14 '20 at 05:50

Tim Biegeleisen · Answer 1 · 2020-06-14T02:20:56.473

0

I might recommend that you just use a single regular expression here:

^(?=.*[a-z])(?=.*[0-9])[a-z0-9][a-z0-9_]{1,6}[a-z0-9]$

Your updated PHP code:

$username = "hello123";
if (preg_match("/^(?=.*[a-z])(?=.*[0-9])[a-z0-9][a-z0-9_]{1,6}[a-z0-9]$/i", $username)) {
    echo "valid username";
}

Demo

If you want to give feedback to users choosing an invalid username, you can simply state all the requirements at once, rather than doing things a la carte.

Here is an explanation of the regex pattern:

^                   from the start of the username
    (?=.*[a-z])     lookahead and assert one letter present
    (?=.*[0-9])     lookahead and assert one number present
    [a-z0-9]        one letter or number
    [a-z0-9_]{1,6}  one letter/number/underscore
    [a-z0-9]        one letter or number (total 3-8)
$                   end of the username

edited Jun 14 '20 at 02:20

answered Jun 14 '20 at 02:10

Tim Biegeleisen

451,927
24
239
318

and it will not allow spaces as well? – Ali akbar Jun 14 '20 at 02:13
username like admin 345, it is still allowing – Ali akbar Jun 14 '20 at 02:15
No, it's _not_ allowing `admin 345`, check the demo. – Tim Biegeleisen Jun 14 '20 at 02:16
I am sorry Tim, i should write the above code as well. I am editing my question so you can take a look on how i am taking the username. i am using trim, possibly that is why it is allowing space still currently in my case – Ali akbar Jun 14 '20 at 02:18
I have answered your question. I hope it will help you. – Tim Biegeleisen Jun 14 '20 at 02:21
Sorry, still getting username with spaces. is it because of this $username = trim($_POST['username']); $username = strip_tags($username); $username = htmlspecialchars($username); – Ali akbar Jun 14 '20 at 02:29

Thien Huynh · Accepted Answer · 2020-06-14T05:18:23.890

0

According to your condition, I recommend you to use regular expression for that, you can try this sample in your code to check if it's right or wrong, hope it helps:

$username = trim('hello 123'); 
$username = strip_tags($username); 
$username = htmlspecialchars($username); 

$usernameError = 'valid';
// username validation 
if (empty($username)) { $error = true; $usernameError = "Please enter your username."; } 
else if (strlen($username) < 3) { 
    $error = true; $usernameError = "Username must have at least 3 characters."; 
} 
else if (preg_match("/\s/", $username)) 
{ 
    $error = true; 
    $usernameError = "Username can't contain whitespace."; 
}
else if (!preg_match("/^[a-z0-9][a-z0-9_]{2,9}$/", $username)) // case maximum 10 characters and only accept "a-z 0-9 and _"
{ 
    $error = true; 
    $usernameError = "Username can only contain alphabet, number and _"; 
}
if (empty($usernameError)) {
    echo 'valid';
}
echo $usernameError;

edited Jun 14 '20 at 05:18

answered Jun 14 '20 at 02:22

Thien Huynh

564
5
12

no luck. still username with white space is getting inserted – Ali akbar Jun 14 '20 at 02:25
can you give me the test case that you just tested ? – Thien Huynh Jun 14 '20 at 02:28
yes sure. $username = trim($_POST['username']); $username = strip_tags($username); $username = htmlspecialchars($username); // username validation if (empty($username)) { $error = true; $usernameError = "Please enter your username."; } else if (strlen($username) < 3) { $error = true; $usernameError = "Username must have at least 3 characters."; } else if (preg_match("/^(?=.*[a-z])(?=.*[0-9])[a-z0-9][a-z0-9_]{1,6}[a-z0-9]$/", $username)) { $error = true; $usernameError = "Username must contain alphabets and numbers."; } – Ali akbar Jun 14 '20 at 02:30
i am adding latest test case in my main question. You can see proper code formatting there. – Ali akbar Jun 14 '20 at 02:31
ah, if your full test code is like your above response, I will update my answer for that – Thien Huynh Jun 14 '20 at 02:35
yes. my latest test code is in the main question. i have updated there. thats latest – Ali akbar Jun 14 '20 at 02:37
I've just edited my answer above, hope it will help – Thien Huynh Jun 14 '20 at 02:37
I'm glad to hear it – Thien Huynh Jun 14 '20 at 02:46
yes. one more question. how can i use these kind of restrictions in your latest updated working code [a-z])(?=.*[0-9])[a-z0-9][a-z0-9_]{1,6}[a-z0-9] – Ali akbar Jun 14 '20 at 02:48
i mean to allow only alphanumeric characters and allow underscore only. but no space at all. Like abc_512, abc512, this type of usernames only allowed and this type abc 512 must not be allowed. and of course restrict username characters like max to 10 – Ali akbar Jun 14 '20 at 02:51
ah, about that, it worked for covering all your current condition, that mean it validated all of your condition in one if, simply just remove all current condition and add it there in case you just want 1 condition for all. If you want to validate more detail like we did above, just specific another condition to it, as above, it's missing the case that only allows "_" character and maximum 10 characters. I've already updated my answer, hope it will help – Thien Huynh Jun 14 '20 at 03:44
Dear Thien, once again wonderfull. It worked like a charm. But still one issue. It is only accepting first letter as capital. If i dont put first letter capital, it give me error – Ali akbar Jun 14 '20 at 05:16
Oh, my bad, because this function `preg_match("/^[a-z0-9][a-z0-9_]{2,9}$/", $username)` means it's gonna return true if a string is valid, so if we want to validate the condition, we have to add `!` in front of it. I updated my answer, I think your problem may be solved – Thien Huynh Jun 14 '20 at 05:22
Perfect. You rock – Ali akbar Jun 14 '20 at 05:42

Unable to remove White Spaces from Username

2 Answers2

Demo