Use regular expressions to validate PHP inputs
To help counter SQL injections you need to make sure that entered values use minimum character types as possible. So you restrict usernames to just a-z and 0-9 characters.
To test for these, use something like :
//——————————————————
/**
* Purpose : Check input for paticular characters
* Only allow a – z, A – Z , 0-9
* returns true if a match was found, false if no match was found
* @return boolean
*/
function is_valid_input($words) {
if ( preg_match( “/[^0-9a-zA-Z]/”, $words, $array ) )
return false; //invalid characters
else
return true; //valid characters
}