You're only binding the key username to valid username, not user name AND email. If you're able to enter either, it's going to check against all your input with filter_var. That is, the key may be say, password, and email will be checked against it and it would fail unless the password is a valid email address format.

This is one of those tricky OR thingies.

if condition1 AND condition2 or condition3

it will return true if 1 and 2 are both true, but it will return true if 3 is true all by itself, won't matter what 1 or 2 is.

if condition1 AND (condition2 or condition3)

is what you're after, because in your case, "condition1" may or may not be the username field.

Not understanding the preg, it looks like it's saying "if it's all letters OR if it's all numbers" - is that right? OR any combination of letters and numbers? The parentheses are not necessary (but they don't hurt anything.)

Out of habit, I parenthesize any comparisons as it makes it much easier to spot errors: ($key == "username")

if(($key == "username") && (!preg_match("/^[a-z\d]+$/i", $value) or !filter_var($value, FILTER_VALIDATE_EMAIL))) {

(Style code tags are hosed up on this board again, just note carefully the placement of the added ()'s)

Give that a stab. Not sure what's more efficient, but your ternary should be fine, other than the extra ()'s. I think. :-) Another option,

$ValidateArray[] = (preg_match('/\@/', $value)) ? 'invalid_email' : 'bad_chars_username';

Hi there Rocknbil,

Thanks for the advice, kinda funny actually as I sort of arrived at the same conclusion during today :) But then when I came to code it, I had forgotten what I had come up with! I ended up with this (which fails if there is a '@' in the username):-

if(($key == "username") && (!preg_match("/^[a-z\d]@+$/i", $value))){
$ValidateArray[] = BAD_CHARS_USERNAME;
}

if(($key == "username") && (substr_count("@", $value) === "1")){
if(($key == "username") && (!filter_var($value, FILTER_VALIDATE_EMAIL))){
$ValidateArray[] = INVALID_EMAIL;
}
}

I took on board what you said, but it didn't seem to do what I wanted it to, that and the fact I had got the substr_count() parameters mixed up, should have read substr_count("@", $value); :)

This is as per your suggestion, but it always returns with the text held in the BAD_CHARS_USERNAME constant, I have probably buggered up the preg pattern (not my strong suite :( )

if(($key == "username") && (!preg_match("/^[a-z@\d]+$/i", $value) || (!filter_var($value,FILTER_VALIDATE_EMAIL))){
$ValidateArray[] = ((substr_count("@", $value) == "1") ? INVALID_EMAIL : BAD_CHARS_USERNAME);
}

As I said before I want the field being submitted as a either username (including @ a-z0-9) or email format, so ideally I am trying to condense a couple of if's into one with a ternary on the error handler, as I thought I could assign error codes depending on there being 1 and only 1 '@' char held in the $value var...

I shall ponder some more :)

Again, any suggestions greatly appreciated,

Cheers,
MRb

if(($key == "username") && (!preg_match("/^[a-z@\d]+$/i", $value) || (!filter_var($value,FILTER_VALIDATE_EMAIL))){
$ValidateArray[] = ((substr_count("@", $value) == "1") ? INVALID_EMAIL : BAD_CHARS_USERNAME);
}

The problem with the above is you will always have !valid (not valid) either e-mail or user name... Allowing the @ symbol in the user name really creates a huge issue with determining which the user tried to enter, because you can't tell 'tried to enter a user name or email' from: myusername@mysite,com where the dot is entered as a comma... It could be either, so you're probably going to have to either do extensive checking or just error and ask for something valid.

Something like this might give you an idea:
Not sure on the validity of my code, so go with the point. ;)

if($key== "username") {
$valid=0;
(filter_var($value,FILTER_VALIDATE_EMAIL)) ? $valid=1 : (preg_match("/^[a-z@\d]+$/i", $value)) ? $valid=1 : '';
}
if($valid!==1) { error; }

Hi all,

if(($key == "username") && (!preg_match("/^[a-z\d]|@+$/i", $value))){
$ValidateArray[] = BAD_CHARS_USERNAME;
}

if(($key == "username") && (substr_count("@", $value) === "1")){
if(($key == "username") && (!filter_var($value, FILTER_VALIDATE_EMAIL))){
$ValidateArray[] = INVALID_EMAIL;
}
}

That is what I have ended up with, though I would like to know if I can either condense this into something more efficient or if the preg_match pattern could be simplified as I have not got the foggiest idea how to do anything with the patterns.

Preg_match criteria:

I would like to be able to allow the following as 'legal' chars: @ _ - (a-z) (0-9) but NOTHING else.

Thank you for any advice,

Cheers,
MRb