testing by comparing with database

Discussion in 'Web Design and Development' started by Cabbit, Apr 30, 2008.

  1. macrumors 68020

    Cabbit

    Joined:
    Jan 30, 2006
    Location:
    Scotland
    #1
    Hi there, i am working on a script that will take a variable and test the result with the database to see if it already exists.

    If the result exists it will allow it to proceed but if it doesn't exist it will stop and prompt the user that this is not a valid result.

    This is for use in a private mail system to prevent messages being send to null users by things like spelling mistakes.

    I would appreciate any help with this please.

    So far i have come up with this but i know i am going wrong somewhere.
    PHP:
    $sql mysql_query ("SELECT `username` FROM `users`");
    while(
    $row mysql_fetch_array($sql)) 
    {
        if (
    $row['username'] == '$testto'
        {
            
    $to $testto;
        }
        else 
        {
            
    $to "Username not reconised";
        }
    }
    echo 
    $to;
     
  2. Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    In your if statement $testto shouldn't be quoted,

    PHP:
    if ($row['username'] == $testto)
    That's part of it. Also, your while loop is going through every user name in the database, and will also assign something to the $to variable. It would be better to create variable called $found, and make it false as an initialization then make it true in your if statement. Then, if found you can also break out of the while loop, then based on whether $found is true or not you can take whatever action.

    PHP:
    $sql mysql_query ("SELECT `username` FROM `users`");
    $found false;
    while(
    $row mysql_fetch_array($sql)) 
    {
        if (
    $row['username'] == $testto
        {
            
    $found true;
            break; 
    // leave loop once you know user name exist
        
    }
    }
    if (!
    $found) { /* give error message */ }
    else { 
    /* found */ }
     
  3. macrumors 6502

    Joined:
    Apr 3, 2006
    Location:
    Beacon, NY
    #3
    You can use mysql_num_rows to see if the username already exists.

    PHP:
    $sql mysql_query ("SELECT `username` FROM `users` WHERE username=$testto");
    if(
    mysql_num_rows($sql) == 1) {
         
    $to $testto
    } else {
         
    $to "username not reconised";
    }
     
  4. macrumors 6502

    Joined:
    Mar 2, 2007
    Location:
    Edge of reason
    #4
    I apologize if I'm missing something, but it looks like you would need to: a.) add quotes around $testto in the query, and b.) escape $testto.

    Here:
    PHP:
    /* you can initialize $to first; it eliminates the "else" later
           ... but it is just a preference of mine.
    */

    $to "username not recognized";


    /* now, prevent SQL injection
          -   imagine if someone entered "a'; DELETE FROM `users`!
    */
    $testto_escaped mysql_real_escape_string($testto);

    //next, perform query
    $sql mysql_query ("SELECT `username` FROM `users` WHERE username='$testto_escaped'");

    //now, see if there were any matches
    if(mysql_num_rows($sql) == 1) {
         
    $to $testto
    }


     
  5. thread starter macrumors 68020

    Cabbit

    Joined:
    Jan 30, 2006
    Location:
    Scotland
    #5
    working code

    PHP:
    /* Test who the message is to */
    $sql mysql_query ("SELECT `username` FROM `users`"); 
    $found false
    while(
    $row mysql_fetch_array($sql))  

        if (
    $row['username'] == $testto)  
        { 
            
    $found true
            break; 
    // leave loop once you know user name exist 
        


    if (!
    $found) { 
    /* give error message */ 
    $errorto "Username not found.";

    else {
        
    $to $testto;
    }
    /* End test who the message is to */
     

Share This Page