250np$ For simple php script

QBert · Oct 26, 2004

Hey, i need a script that checkes a value what somones typed up to see if its = to somthing in the database. just like checking for a username to put to a password.

Thanks

QBert

Crusader · Oct 26, 2004

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php

PHP:

<?php

$username = $_POST['username'];

if($username != " "){
	$username = str_replace("<?", " ", $username);
	$username = str_replace("?>", " ", $username);
	
	$sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");
	$username_check = mysql_num_rows($sql_username_check);

 	if($username_check > 0){
 		echo "That username already exists.";
 		unset($username);
 	} else {
		echo "That username does not exist.";
	}
}

include ("form.html");

?>

I think that should work. Note you'd need a table called usernames with a field called username.

PolurNET · Oct 27, 2004

remember to connect to a DB first m8, you need to use

Code:

mysql_connect('localhost', 'mydb', 'mypass');

peaudecastor · Oct 27, 2004

Hi Crusader,

Why are you checking for <? and ?> ?

PHP:

$username = str_replace("<?", " ", $username);

Unless you prove me otherwise they are harmless what you should always do to be secure are :
$username = addslashes($username);

With your code I could post in the username field something like '; DELETE FROM usernames

And break you

Matt

Crusader said:

This would be form.html

Code:

<form name="checker" method="POST" action="domain.com/check.php">
  <p>Username: <input type="text" name="username" size="20" value="<?php echo $username; ?>"><br>
  <input type="submit" value="Check" name="doit"></p>
</form>

This would be check.php

PHP:

<?php

$username = $_POST['username'];

if($username != " "){
	$username = str_replace("<?", " ", $username);
	$username = str_replace("?>", " ", $username);
	
	$sql_username_check = mysql_query("SELECT username FROM usernames WHERE username='$username'");
	$username_check = mysql_num_rows($sql_username_check);

 	if($username_check > 0){
 		echo "That username already exists.";
 		unset($username);
 	} else {
		echo "That username does not exist.";
	}
}

include ("form.html");

?>

I think that should work. Note you'd need a table called usernames with a field called username.

Crusader · Oct 27, 2004

Err. Yeah, you're right. Ignore the <? ?> and strip out special characters instead.

QBert · Oct 27, 2004

Thanks everyone,

NP$'s sent Crusader. Thanks!

250np$ For simple php script

Established Member

Established Member

VIP Member

quÃ©bÃ©cois libreEstablished Member

Established Member

Established Member

Similar threads

We're social

GetETAApp.com

LightningGear.com

PRCoin.org

Monetizer.xyz

sats.gr

GEDomains.Com

FaceTravel.xyz

farmdatauav.com

DryCrackedFeet.com

gotbuilt.com

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling