[RESOLVED] Comparing results

jerrylouise

Hi there, i am working on a script that will take a variable and test the result with the database to see if it already exists.

If the result exists it will allow it to proceed but if it doesn't exist it will stop and prompt the user that this is not a valid result.

This is for use in a private mail system to prevent messages being send to null users by things like spelling mistakes.

I would appreciate any help with this please.

So far i have come up with this but i know i am going wrong somewhere.

$sql = mysql_query ("SELECT `username` FROM `users`");
while($row = mysql_fetch_array($sql)) 
{
	if ($row['username'] == '$testto') 
	{
		$to = $testto;
	}
	else 
	{
		$to = "Username not reconised";
	}
}
echo $to;

_uk_stuff

Hi,

Your string test would be comparing the row variable with the actual string '$testto'.

You want to loose the apostrophes to get the comparison to work within you code.

The better way to implement would be to search the database for the name entered within the query. That way if you have a record returned, you know you have a match. If the number of records returned are zero, they have typed something in wrong.

$sql = mysql_query ("SELECT `username` FROM `users` WHERE username like '" . addslashes(%testto) . "'");
if ( mysql_num_rows($sql) > 0 )
	$to = $testto;
else
	$to = "Username not recognised";

Please note that I have used a LIKE function in the SQL meaning that it would be case insensitive. Also adding addslashes() to the variable is an intial preventative to stop anything nasty to be done to the database, this could be extended further.

Cheers

Stuff