Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
To reduce an attacker’s possibilities, is it worth to have only alphanumeric values inside the table ? For example on username and password inputs on registration form applay the following:
preg_replace("/[^A-Za-z0-9 ]/", '', $input);
And of course, perform the same each time before login ?
By removing any characters you’re actually weaken security.
there is absolutely no point in removing whatever characters, while some non alanum characters are required in passwords for better security
See my other answer on the “illegal” characters topic: https://stackoverflow.com/a/2995163/285587