不可使用非法字符

application/admin/controller/User.php

@@ -105,6 +105,10 @@ class User extends BaseController
     {
         try {
             $User_model = new \app\admin\model\User();
+            //去除空格
+            if (!preg_match('/[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/', $_POST['username'])) {
+                tojson(202, '不可使用非法字符');
+            }
             $_POST['username']=str_replace(" ",'', $_POST['username']);
             $check = $User_model->where(['username' => $_POST['username']])->value('id');
             if ($check) {