250np$ For simple php script

QBert · 10-26-2004, 03:34 PM

Hey, i need a script that checkes a value what somones typed up to see if its = to somthing in the database. just like checking for a username to put to a password.

Thanks

QBert

Crusader · 10-26-2004, 04:54 PM

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php

PHP Code:

  <?php

 
$username = $_POST['username'];

 
if($username != " "){

    $username = str_replace("<?", "&nbsp;", $username);

    $username = str_replace("?>", "&nbsp;", $username);

    

    $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");

    $username_check = mysql_num_rows($sql_username_check);

 
     if($username_check > 0){

         echo "That username already exists.";

         unset($username);

     } else {

        echo "That username does not exist.";

    }

}

 
include ("form.html");

 
?>

I think that should work. Note you'd need a table called usernames with a field called username.

PolurNET · 10-26-2004, 05:28 PM

remember to connect to a DB first m8, you need to use

Code:

mysql_connect('localhost', 'mydb', 'mypass');

peaudecastor · 10-26-2004, 05:34 PM

Hi Crusader,

Why are you checking for <? and ?> ?

PHP Code:

 
$username = str_replace("<?", "&nbsp;", $username);

Unless you prove me otherwise they are harmless what you should always do to be secure are :
$username = addslashes($username);

With your code I could post in the username field something like '; DELETE FROM usernames

And break you

Matt

Quote:

Originally Posted by Crusader

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php

PHP Code:

  <?php

 
$username = $_POST['username'];

 
if($username != " "){

    $username = str_replace("<?", "&nbsp;", $username);

    $username = str_replace("?>", "&nbsp;", $username);

    

    $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");

    $username_check = mysql_num_rows($sql_username_check);

 
     if($username_check > 0){

         echo "That username already exists.";

         unset($username);

     } else {

        echo "That username does not exist.";

    }

}

 
include ("form.html");

 
?>

I think that should work. Note you'd need a table called usernames with a field called username.

Crusader · 10-26-2004, 05:36 PM

Err. Yeah, you're right. Ignore the <? ?> and strip out special characters instead.

QBert · 10-26-2004, 09:50 PM

Thanks everyone,

NP$'s sent Crusader. Thanks!

10-26-2004, 03:34 PM	#1 (permalink)
QBert NamePros Regular Join Date: Apr 2004 Location: Australia Posts: 775 72.00 NP$ (Donate)	250np$ For simple php script Hey, i need a script that checkes a value what somones typed up to see if its = to somthing in the database. just like checking for a username to put to a password. Thanks QBert

10-26-2004, 04:54 PM	#2 (permalink)
Crusader Senior Member Join Date: Aug 2003 Location: Canada Posts: 1,293 1,264.40 NP$ (Donate)	This would be form.html Code: <form name="checker" method="POST" action="domain.com/check.php"> <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br> <input type="submit" value="Check" name="doit"></p> </form> This would be check.php PHP Code: <?php $username = $_POST['username']; if($username != " "){ $username = str_replace("<?", " ", $username); $username = str_replace("?>", " ", $username); $sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'"); $username_check = mysql_num_rows($sql_username_check); if($username_check > 0){ echo "That username already exists."; unset($username); } else { echo "That username does not exist."; } } include ("form.html"); ?> I think that should work. Note you'd need a table called usernames with a field called username. __________________ Near Fantastica \| Matthew Good - Vancouver >> Do you Frawlik? <<

10-26-2004, 05:28 PM	#3 (permalink)
PolurNET ₪NamePros Elite™ Join Date: Jul 2004 Location: Kingston, Canada Posts: 2,963 365.30 NP$ (Donate)	remember to connect to a DB first m8, you need to use Code: mysql_connect('localhost', 'mydb', 'mypass'); __________________ •• PolurNET Communications •• Avoid the Freeze, Enjoy the Breeze! = *A very* special day, February 12th = Proudly #1 on NamePros and WebHostingJury for over 3 years! \|\|LawPoint.org •• GREAT UK HOSTING DEALS NOW AT: ExcellentHost.com** ••

10-26-2004, 05:36 PM	#5 (permalink)
Crusader Senior Member Join Date: Aug 2003 Location: Canada Posts: 1,293 1,264.40 NP$ (Donate)	Err. Yeah, you're right. Ignore the <? ?> and strip out special characters instead. __________________ Near Fantastica \| Matthew Good - Vancouver >> Do you Frawlik? <<

10-26-2004, 09:50 PM	#6 (permalink)
QBert NamePros Regular Join Date: Apr 2004 Location: Australia Posts: 775 72.00 NP$ (Donate)	Thanks everyone, NP$'s sent Crusader. Thanks!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)