I am tring to create the customer can register in the front-end or (the index page )not admin page ..

first of all , I made web site page , it's title : Register User

however i am afraid when the user can perform somthing bad (sql injection .. etc) ..

this really is my code ..

if(!empty($_POST['user_name']) || !empty($_POST['email'])){
$user_login  = $_POST['user_name'];
$user_email  = $_POST['email'];
$random_password = wp_generate_password(5 , true );
wp_create_user( $user_login, $random_password, $user_email )

} else {
echo 'The user name or E-mail is empty';

}

furthermore , just how can know this really is email or otherwise ?

sorry , my language isn't good >_<

The wordpress_create_user function ought to be safe to simply send user-input to.

The 2nd part is clarified by Jakub

That is dependent around the wp_create_user function - could it be cleaning/getting away the information for you personally? Otherwise, you may want to do-it-yourself (see mysql_real_escape_string)

You should use the already incorporated function in wordpress:

Particulars here: http://codex.wordpress.org/Function_Reference/is_email

is_email()

<?php if ( is_email( 'email@domain.com' ) ) {
      echo 'email address is valid.';
} ?>

Might should also validate the 'username' while using function username_exists()

http://codex.wordpress.org/Function_Reference/username_exists

<?php  
       $username = $_POST['username'];
       if ( username_exists( $username ) )
           echo "Username In Use!";
       else
           echo "Username Not In Use!";
?>