Page 1 of 1

Disappearing usernames, anyone?

Posted: Tue Jan 02, 2007 12:37 pm
by Mightywayne
Hello there. I've gotten far in my PHP code but am stuck here. :O Check this out.

Now I've tried to see if it was being assigned correctly (the $username) and right under the _POST I've tested it to echo, and it works. So it makes me wonder if one piece of the following code is blanking it out. As in, setting it to " ".

Code: Select all

$username = $_POST["username"];
$verifycode = $_POST["verify"];

if (($username = "") || ($verifycode = "")) 
{
	die("Gotta fill out all the fields, silly!");
}

$verifycheck = mysql_query("SELECT confkey FROM user WHERE name = '$username'");

$verified = mysql_query("SELECT verified FROM user WHERE name = '$username'");


if ($verified == 'yes')
	die("Hmm, $username, it seems as if you're already validated. Try logging in. ");

if ($verifycheck == $verifycode)
{
	echo "User $username verified correctly, welcome to Monbre!";
	mysql_query("UPDATE user SET verified = 'yes' WHERE name = '$username'");
}
else
	die("Sorry, $username, it seems you have entered the wrong validation code... perhaps you miss-typed it?");
Even if they have the wrong validation code, it'll say "Sorry, , it seems" thus showing it is blank'd by something. Also the validation checker I'm pretty sure is wrong, and I'm also pretty sure it's wrong cuz it blanks it. ;)

Re: Disappearing usernames, anyone?

Posted: Tue Jan 02, 2007 12:42 pm
by mibocote
Mightywayne wrote: Now I've tried to see if it was being assigned correctly (the $username) and right under the _POST I've tested it to echo, and it works. So it makes me wonder if one piece of the following code is blanking it out. As in, setting it to " ".
Look closely :D. I hate making these kind of typos.

Code: Select all

if (($username = "") || ($verifycode = "")) 
{
	die("Gotta fill out all the fields, silly!");
}

Posted: Tue Jan 02, 2007 12:43 pm
by John Cartwright
mysql_query() does not return a recordset, you have to pass the result to mysql_fetch_assoc(), and loop if neccesary. Secondly, as is you are not escaping potentially dangerous input. At minimum, pass user supplied variables to mysql_real_escape_string().

Posted: Tue Jan 02, 2007 12:48 pm
by aaronhall
= != ==

Posted: Tue Jan 02, 2007 12:58 pm
by impulse()
Try something like:

Code: Select all

$i = 0; 
while ($res = mysql_fetch_array($verified)) {
  $variableName[$i] = $res['mysqlFieldName'];
  $i++;
}

for ($i = 0; $i < count($variableName); $i++) {
  if ($variableName[$i] == $verified) {
    $alreadyVerified = 1;
  }
}
That will set the variable 'alreadyVerified' to 1 if there are any results in the mySQL table. Then you can put something like:


Code: Select all

if ($alreadyVerified == 1) {
  echo "Welcome to Monbre";
}

Posted: Tue Jan 02, 2007 1:19 pm
by RobertGonzalez
Assignment versus equality. I just did that the other day.

When checking equality use two equal signs, not one or you end up setting the variable to that value.

Code: Select all

<?php
$username = $_POST["username"];
$verifycode = $_POST["verify"];

// This line here actually assigns the empty string to each var, which in essence evaluates to true for each one)
if (($username = "") || ($verifycode = ""))
{
        die("Gotta fill out all the fields, silly!");
}
?>
Change your conditional to

Code: Select all

<?php
if ($username == "" || $verifycode == "")
?>
Or

Code: Select all

<?php
if ( empty($username) || empty($verifycode) )
?>

Posted: Tue Jan 02, 2007 1:31 pm
by Kieran Huggins
aaronhall wrote:= != ==
kieran += 8O......Image;

aaronhall += 8);

Posted: Tue Jan 02, 2007 3:44 pm
by Mightywayne
Omg. xD Thanks both of you. And, I love empty()! I didn't know that function existed. I'll definitely be using that more often. You guys are great. :o

Posted: Tue Jan 02, 2007 4:09 pm
by RobertGonzalez
Make sure you play around with using empty() as you can get funnier results than expected sometimes (like if the value of a var is (int) 0, it stills shows empty). But play with it. You'll see how it works.