250np$ For simple php script

QBert · 10-26-2004, 04:34 PM

Hey, i need a script that checkes a value what somones typed up to see if its = to somthing in the database. just like checking for a username to put to a password.

Thanks

QBert

Crusader · 10-26-2004, 05:54 PM

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php

PHP Code:

  <?php

 
$username = $_POST['username'];

 
if($username != " "){

    $username = str_replace("<?", "&nbsp;", $username);

    $username = str_replace("?>", "&nbsp;", $username);

    

    $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");

????: NamePros.com http://www.namepros.com/programming/53172-250np-for-simple-php-script.html
????: NamePros.com http://www.namepros.com/showthread.php?t=53172
    $username_check = mysql_num_rows($sql_username_check);

 
     if($username_check > 0){

         echo "That username already exists.";

         unset($username);

     } else {

        echo "That username does not exist.";

    }

}

 
include ("form.html");

 
?>

I think that should work. Note you'd need a table called usernames with a field called username.

PolurNET · 10-26-2004, 06:28 PM

remember to connect to a DB first m8, you need to use

Code:

mysql_connect('localhost', 'mydb', 'mypass');

peaudecastor · 10-26-2004, 06:34 PM

Hi Crusader,

Why are you checking for <? and ?> ?

PHP Code:

 
$username = str_replace("<?", "&nbsp;", $username);

Unless you prove me otherwise they are harmless what you should always do to be secure are :
$username = addslashes($username);

With your code I could post in the username field something like '; DELETE FROM usernames

And break you

Matt

Originally Posted by Crusader

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php
????: NamePros.com http://www.namepros.com/showthread.php?t=53172

PHP Code:

  <?php

 
$username = $_POST['username'];

 
if($username != " "){

    $username = str_replace("<?", "&nbsp;", $username);

    $username = str_replace("?>", "&nbsp;", $username);

    

    $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");

    $username_check = mysql_num_rows($sql_username_check);

 
     if($username_check > 0){

         echo "That username already exists.";

         unset($username);

     } else {

        echo "That username does not exist.";

    }

}

 
include ("form.html");

????: NamePros.com http://www.namepros.com/showthread.php?t=53172
 
?>

I think that should work. Note you'd need a table called usernames with a field called username.

Crusader · 10-26-2004, 06:36 PM

Err. Yeah, you're right. Ignore the <? ?> and strip out special characters instead.

QBert · 10-26-2004, 10:50 PM

Thanks everyone,

NP$'s sent Crusader. Thanks!

10-26-2004, 04:34 PM	THREAD STARTER #1 (permalink)
QBert NamePros Regular Join Date: Apr 2004 Location: Australia Posts: 814	250np$ For simple php script Hey, i need a script that checkes a value what somones typed up to see if its = to somthing in the database. just like checking for a username to put to a password. Thanks QBert

10-26-2004, 05:54 PM	#2 (permalink)
Crusader Senior Member Join Date: Aug 2003 Location: Canada Posts: 1,257	This would be form.html Code: <form name="checker" method="POST" action="domain.com/check.php"> <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br> <input type="submit" value="Check" name="doit"></p> </form> This would be check.php PHP Code: <?php $username = $_POST['username']; if($username != " "){ $username = str_replace("<?", " ", $username); $username = str_replace("?>", " ", $username); $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'"); ????: NamePros.com http://www.namepros.com/programming/53172-250np-for-simple-php-script.html ????: NamePros.com http://www.namepros.com/showthread.php?t=53172 $username_check = mysql_num_rows($sql_username_check); if($username_check > 0){ echo "That username already exists."; unset($username); } else { echo "That username does not exist."; } } include ("form.html"); ?> I think that should work. Note you'd need a table called usernames with a field called username. __________________ Near Fantastica \| Matthew Good - Vancouver TS Design Group - Vancouver, BC based Graphic Design >> Do you Frawlik? <<

10-26-2004, 06:28 PM	#3 (permalink)
PolurNET Senior Member Join Date: Jul 2004 Location: I ♥ Business Law Posts: 3,082	remember to connect to a DB first m8, you need to use Code: mysql_connect('localhost', 'mydb', 'mypass');

10-26-2004, 06:36 PM	#5 (permalink)
Crusader Senior Member Join Date: Aug 2003 Location: Canada Posts: 1,257	Err. Yeah, you're right. Ignore the <? ?> and strip out special characters instead. __________________ Near Fantastica \| Matthew Good - Vancouver TS Design Group - Vancouver, BC based Graphic Design >> Do you Frawlik? <<

10-26-2004, 10:50 PM	THREAD STARTER #6 (permalink)
QBert NamePros Regular Join Date: Apr 2004 Location: Australia Posts: 814	Thanks everyone, NP$'s sent Crusader. Thanks!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)