I used to plug in user's usernames in the URL like so:
$u = urlencode($username);
It was never quite beautiful since I have usernames with spaces and/or special characters in them, but it worked.
Then a few years ago I had a warning from Google that I was violating their new PII policy (you can't show any personally identifying information *). In a near panic to get my entire site modified to be compliant, I didn't quite realize that the only problem they had was when someone used an email address as their username. So I COULD have just replaced the @ with a - or something and been fine, but I didn't know that until a couple of weeks ago.
So now I'm back to where I used to be... I'd like to use the username in the URL again, but I need for it to be both pretty and
compliant with Google's PII policy.
My first thought was to replace any space or special character with a . (dot), then on the page where I do a MySQL query based on the username I could simply use LIKE
in the query:
$user = str_replace('.', '_', $_GET['user']);
$query = sprintf("SELECT username FROM users WHERE username LIKE '%s' LIMIT 1",
But I might have a user with a special character at the beginning or end of their name, and since this would look weird:
I would want to trim the . from both ends.
Both of these lead to more potential problems, though. I could realistically have these completely different usernames registered:
But the system above would think they're all the same.
Soooo, my next thought was that I could create a MySQL table with all registered usernames (about 500,000) in one column and the encoded username in another column, then write a script to manually replace the special characters in each one and insert it in to column B... and if there's already a match, add or increment a number at the end; eg:
csdude | csdude
~csdude~ | csdude1
c.s.dude! | csdude2
This is starting to become a bit more complicated than I wanted, though, and has a lot more potential for errors. So before I spend the next week or two writing the programs to do all of this (!), can you guys suggest any method that might be easier that I've overlooked?
* Adsense PII policy: [support.google.com