O'Reilly

Simple Username Creation Validation with PHP

By on  

When I create login areas (mostly intranets) for small websites, I'm always asked by the customer to keep usernames to letters and numbers. That means no email addresses as usernames and special characters like "_", "-", and ".". This, in my customer's mind, keeps the login easy for their users and limits the number of support calls they will receive. While I don't recommend disallowing common username characters like the ones cited above, I do understand their need for simplicity. Here's how, using PHP, I validate that a username is only letters and numbers.

The PHP

function validate_username($input,$pattern = '[^A-Za-z0-9]')
{
	return !ereg($pattern,$input);
}

It's as easy as that. I don't go as far as using this for passwords, but you could if you wanted to. I'll also mention that if I want to allow non-alphanumeric characters, I just need to change the function's pattern. Easy enough!

Track.js Error Reporting

Upcoming Events

Recent Features

Incredible Demos

  • QuickBoxes for Dojo

    Adding to my mental portfolio is important to me. First came MooTools, then jQuery, and now Dojo. I speak often with Peter Higgins of Dojo fame and decided it was time to step into his world. I chose a simple but useful plugin,...

  • CSS Scoped Styles

    There are plenty of awesome new attributes we've gotten during the HTML5 revolution:  placeholder, download, hidden, and more.  Each of these attributes provides us a different level of control over an element on the page, but there's a new element attribute that allows...

Discussion

  1. I like the approach — instead of matching a word boundary e.g. ^[a-zA-z0-9]*$ you match the first invalid character. I wonder what the speed difference is…

    BTW, you can use [^\w\d] insead ;) It’s lazier

  2. My bad. You cant use \w since it matches _ as well. On the other hand \w handles \d, so if you are looking for something quick for chars, digits and _ — you can use \w.

  3. Brian

    You could also use PHP’s ctype_alnum to match only alphanumeric characters
    which matches (ever so slightly) faster than its equivalent regular expression,
    and still retain future flexibility by using something like:

    function username($input, $pattern = false)
    {
           return ($pattern) ? !ereg($pattern, $input) : ctype_alnum($input);
    }
    

    Of course the speed difference is on the order of nanoseconds,
    but it is faster nonetheless.

  4. Jeff Hartman

    A better method name would be useful. ;)

  5. @Jeff: Ooops. I have this function within a class. I actually use it like this:

    if($valid->username($input)) {
      // move on...
    }
    

    I simply didn’t rename it for the blog. I’ll do that quick!

  6. A word of warning, ereg is being removed in PHP6 because of the more powerful and usually faster preg. Altering your code to work with pregs is easy and safer should the server you’re on upgrade to PHP6 sometime in the future:

    function validate_username($input, $pattern = '/[^A-Za-z0-9]/')
    {
        return !preg_match($pattern, $input);
    }
    
  7. ereg will be deprecated in php 5.3 and removed in 6, use preg instead

  8. ereg is not available in php 5.3.0

    any alternative for this ?

  9. Nolan Hawkins

    I’m rather new to regexp, and am just trying to get something exactly like this to work, but it just isn’t. I got annoyed, and then simplified as much as possible to this:


    and it isn’t responding anything except 0, no matter what I try.

  10. Nolan Hawkins

    Oops sorry. Anyways, it’s just a text input that posts to itself, and it deals with the post by doing

     if(!is_null($_POST["f"])){
    $input=$_POST["f"];
    $pattern = '[^A-Za-z0-9]';
    $a=preg_match($pattern,$input);
    echo $a;
    }
  11. The Best way I recommend is this :-

        $str = "";
        function validate_username($str) 
        {
            $allowed = array(".", "-", "_"); // you can add here more value, you want to allow.
            if(ctype_alnum(str_replace($allowed, '', $str ))) {
                return $str;
            } else {
                $str = "Invalid Username";
                return $str;
            }
        }
    

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!

Recently on David Walsh Blog

  • Free Download: Font Bundle Featuring 17 Incredible Typefaces

    The only thing we love more than a good font, is a good free font. So we’ve combed the Web for some of our favorite free fonts, and gathered them here in a single download. You’ll find a variety of useful typefaces, from highly geometric designs...

  • OâReilly Velocity Conference â Amsterdam

    My favorite front-end conference has always been O'Reilly's Velocity Conference because the conference series has focused on one of the most undervalued parts of client side coding:  speed.  So often we're so excited that our JavaScript works that we forget that speed, efficiency, and performance are just as important. The next Velocity...

  • CanIUse Command Line

    Every front-end developer should be well acquainted with CanIUse, the website that lets you view browser support for browser features.  When people criticize my blog posts for not detailing browser support for features within the post, I tell them to check CanIUse:  always up to date, unlike...

  • Generating Alternative Stylesheets for Browsers Without @media

    If your CSS code is built with a mobile-first approach, it probably contains all the rules that make up the "desktop" view inside @media statements. That's great, but browsers that don't support media queries (IE 8 and below) will simply ignore them, ending up getting the...

  • Serve a Directory with PHP

    Many developers have a giggle at PHP, even looking down at the language, but let's be honest:  most of our blogs are powered by it (WordPress) and it's a great language to dabble around with.  I cut my teeth on PHP, though I prefer to avoid PHP these days. But...