diff --git a/inventory-backend/app/services/auth_service.py b/inventory-backend/app/services/auth_service.py
index dbe619a..cc6559b 100644
--- a/inventory-backend/app/services/auth_service.py
+++ b/inventory-backend/app/services/auth_service.py
@@ -205,6 +205,16 @@ class AuthService:
 if not cn_name or not pinyin_base:
 raise Exception("姓名和账号不能为空")
+ # 后端兜底正则校验:允许中英数,禁止纯数字,无特殊字符
+ import re
+ name_pattern = re.compile(r'^(?!\d+$)[a-zA-Z0-9\u4e00-\u9fa5]+$')
+
+ if not name_pattern.match(cn_name):
+ raise Exception("姓名格式错误:仅支持中英文和数字,不能为纯数字,且不支持特殊字符")
+
+ if not name_pattern.match(pinyin_base):
+ raise Exception("账号格式错误:仅支持中英文和数字,不能为纯数字,且不支持特殊字符")
+
 role_raw = data.get('role')
 role = role_raw.upper() if role_raw else None
@@ -220,7 +230,7 @@ class AuthService:
 if operator_role_upper == UserRole.SUPERVISOR and role == UserRole.SUPER_ADMIN:
 raise Exception("权限不足:主管无法创建超级管理员")
- email = data.get('email', '')
+ email = data.get('email', '') or None # 空字符串转 None,避免 unique 冲突
 if email and SysUser.query.filter_by(email=email).first():
 raise Exception("邮箱已被使用")
diff --git a/inventory-web/src/views/system/UserCreate.vue b/inventory-web/src/views/system/UserCreate.vue
index b0bcf20..739691c 100644
--- a/inventory-web/src/views/system/UserCreate.vue
+++ b/inventory-web/src/views/system/UserCreate.vue
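Review bot: In the first auth_service.py hunk, `name_pattern.match(...)` with a pattern ending in `$` still accepts a value that carries one trailing newline, because Python's `$` also matches just before a final `\n`; `"abc\n"` passes both the `cn_name` and the `pinyin_base` check. This is the server-side backstop, and the browser rule does not run for requests sent straight to the API, so the end anchor should be strict: either `name_pattern = re.compile(r'^(?!\d+\Z)[a-zA-Z0-9\u4e00-\u9fa5]+\Z')` or keep the pattern and call `name_pattern.fullmatch(cn_name)` / `name_pattern.fullmatch(pinyin_base)`. The check also sets no length bound, and `.match` raises `TypeError` rather than the format error if either value is not a string; whether both are handled earlier in the method is not visible, since the method starts and ends outside the hunk.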
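Review bot: In the second auth_service.py hunk, `data.get('email', '') or None` converts only the exact empty string, so a whitespace-only value such as `' '` is still truthy, passes the `filter_by` lookup and reaches the unique column the comment refers to. Stripping first closes that gap: `email = (data.get('email') or '').strip() or None`. The look-up-then-insert sequence is also not atomic; the insert is outside the hunk, so it is worth confirming that a unique-constraint error from the database is caught there and reported as "邮箱已被使用" rather than surfacing as an unhandled error when two requests race.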
@@ -302,10 +302,30 @@ const roleOptions = computed(() => {
 return options
 })
+// 自定义校验:仅支持中英文、数字,禁止纯数字,禁止特殊字符
+const validateNameStrict = (rule: any, value: string, callback: any) => {
+ if (!value) {
+ callback(new Error('该字段不能为空'));
+ return;
+ }
+ const reg = /^(?!\d+$)[a-zA-Z0-9\u4e00-\u9fa5]+$/;
+ if (!reg.test(value)) {
+ callback(new Error('仅支持中英文和数字,不能为纯数字,且不支持特殊字符'));
+ } else {
+ callback();
+ }
+};
+
 const rules = computed(() => {
 const commonRules: any = {
- cn_name: [{ required: true, message: '请输入真实姓名', trigger: 'blur' }],
- username: [{ required: true, message: '账号不能为空', trigger: 'blur' }],
+ cn_name: [
+ { required: true, message: '请输入真实姓名', trigger: 'blur' },
+ { validator: validateNameStrict, trigger: 'blur' }
+ ],
+ username: [
+ { required: true, message: '账号不能为空', trigger: 'blur' },
+ { validator: validateNameStrict, trigger: 'blur' }
+ ],
 role: [{ required: true, message: '请选择角色', trigger: 'change' }],
 department: [{ required: true, message: '请输入或选择部门', trigger: ['blur', 'change'] }],
 email: [
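Review bot: `validateNameStrict` repeats the emptiness check that the `required` rule listed before it already performs, so an empty `cn_name` or `username` has two competing messages (the field-specific '请输入真实姓名' / '账号不能为空' and the generic '该字段不能为空'). Let the validator pass on empty input, `if (!value) { callback(); return; }`, and leave emptiness to the `required` rule. The regex literal is a second copy of the one added in auth_service.py, so a comment above it such as `// UX pre-check only; the server re-validates with the same pattern in auth_service.py, keep both in sync` would tell the next editor that this rule is not the enforcement point. The `commonRules` object continues outside the hunk.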