testing by comparing with database




Cabbit
Apr 30, 2008, 08:16 AM
Hi there, I am working on a script that will take a variable and test the result with the database to see if it already exists.

If the result exists it will allow it to proceed, but if it doesn't exist it will stop and prompt the user that this is not a valid result.

This is for use in a private mail system to prevent messages being sent to null users by things like spelling mistakes.

I would appreciate any help with this please.

So far I have come up with this, but I know I am going wrong somewhere.
$sql = mysql_query ("SELECT `username` FROM `users`");
while($row = mysql_fetch_array($sql))
{
    if ($row['username'] == '$testto')
    {
        $to = $testto;
    }
    else
    {
        $to = "Username not reconised";
    }
}
echo $to;



angelwatt
Apr 30, 2008, 11:35 AM
In your if statement $testto shouldn't be quoted,

if ($row['username'] == $testto)

That's part of it. Also, your while loop is going through every user name in the database, and will also assign something to the $to variable. It would be better to create a variable called $found, and make it false as an initialization, then make it true in your if statement. Then, if found, you can also break out of the while loop; then, based on whether $found is true or not, you can take whatever action.

$sql = mysql_query ("SELECT `username` FROM `users`");
$found = false;
while($row = mysql_fetch_array($sql))
{
    if ($row['username'] == $testto)
    {
        $found = true;
        break; // leave loop once you know user name exists
    }
}
if (!$found) { /* give error message */ }
else { /* found */ }

jsm4182
Apr 30, 2008, 11:39 AM
You can use mysql_num_rows to see if the username already exists.


$sql = mysql_query ("SELECT `username` FROM `users` WHERE username=$testto");
if(mysql_num_rows($sql) == 1) {
    $to = $testto;
} else {
    $to = "username not reconised";
}

CoreWeb
Apr 30, 2008, 02:02 PM
I apologize if I'm missing something, but it looks like you would need to: a.) add quotes around $testto in the query, and b.) escape $testto.

Here:

/* you can initialize $to first; it eliminates the "else" later
   ... but it is just a preference of mine.
*/

$to = "username not recognized";


/* now, prevent SQL injection
   - imagine if someone entered "a'; DELETE FROM `users`"!
*/
$testto_escaped = mysql_real_escape_string($testto);

//next, perform query
$sql = mysql_query ("SELECT `username` FROM `users` WHERE username='$testto_escaped'");

//now, see if there were any matches
if(mysql_num_rows($sql) == 1) {
    $to = $testto;
}
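
Added example (not part of the original thread or any poster's code): the same recipient check written with a bound parameter, so the input never becomes part of the SQL text and no manual escaping is needed. It assumes PDO with the SQLite driver and an in-memory database; the function name `recipient_exists`, the table layout and the sample usernames are constructed for illustration.

```php
<?php
// Added example: recipient lookup with a bound parameter instead of string
// interpolation. Uses an in-memory SQLite database so it runs offline; the
// table layout and sample usernames are constructed, not taken from the thread.

function recipient_exists(PDO $db, string $testto): bool
{
    // The placeholder keeps $testto out of the SQL text entirely, so quotes,
    // semicolons or comment markers in the input are compared as plain data.
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = :name LIMIT 1');
    $stmt->execute([':name' => $testto]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');
$insert = $db->prepare('INSERT INTO users (username) VALUES (?)');
foreach (['cabbit', 'angelwatt'] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: a valid name, a misspelling, and the hostile string
// quoted in the post above.
$inputs = ['cabbit', 'cabit', "a'; DELETE FROM `users`"];
foreach ($inputs as $testto) {
    if (recipient_exists($db, $testto)) {
        $to = $testto;
        echo "OK: message will go to {$to}\n";
    } else {
        echo 'Username not found: ' . var_export($testto, true) . "\n";
    }
}

// Row count check: the lookups above must not have changed the table.
$count = $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "rows in users: {$count}\n";
```

The function works unchanged with a PDO connection to MySQL in place of the SQLite one.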

Cabbit
Apr 30, 2008, 04:25 PM
working code

/* Test who the message is to */
$sql = mysql_query ("SELECT `username` FROM `users`");
$found = false;
while($row = mysql_fetch_array($sql))
{
    if ($row['username'] == $testto)
    {
        $found = true;
        break; // leave loop once you know user name exists
    }
}
if (!$found) {
    /* give error message */
    $errorto = "Username not found.";
}
else {
    $to = $testto;
}
/* End test who the message is to */