[php] Form returning wrong value
Well, I got my reply form. And for some reason, it always returns "1" for $nameposter. And I'm kinda lost as of why it's doing this.
My script:
PHP Code:
<?php
include("header.php");
if(!isset($_POST['submit'])) {
?>
<form action ="<?php echo $_SERVER['PHP_SELF']; ?>" method ="post">
Name:
<br/><input name="nameposter" size="20" type="text" align="left" maxlength="20">
<br/>
Enter the security code:
<br/><input name ="code" size="20" type="text" align="left"><br />Security code:<br /> <img src="captcha.php" />
<br/>
Message:
<br/>
<textarea name="message" rows="5" cols="50"></textarea>
<input type="submit" name="submit" value="submit">
</form>
<?php
} else {
$code = md5($_POST['code']);
$_SESSION['code'] = $code;
$query = "SELECT code FROM verification WHERE code = '$code'";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) {
echo "Wrong security code";
unset($_POST['submit']);
include("reply.php");
} else {
$nameposter = htmlspecialchars(mysql_real_escape_string($_POST['nameposter']));
$message = mysql_real_escape_string(preg_replace(array("/\r\n/", "/\n/", "/\r/"), '<br/>',(htmlspecialchars($_POST['message']))));
$ip = $_SERVER['REMOTE_ADDR'];
if ($nameposter == pieman || $nameposter = Pieman || $nameposter = PIEMAN) {
if (!isset($_SESSION['uname']) && !isset ($_SESSION['passw'])) {
echo "You may not use this name.";
} else {
$uname = $_SESSION['uname'];
$passw = $_SESSION['passw'];
$queryuser = "SELECT * FROM login WHERE username = '$uname' AND password = '$passw'";
$resultuser = mysql_query($queryuser);
if (mysql_num_rows($resultuser) < 1) {
echo "You may not use this name.";
} else {
$query ="INSERT INTO reply (id, name, message, ip) VALUES ('++', '$nameposter', '$message', '$ip')";
mysql_query($query) or die (mysql_error());
unset($_POST['submit']);
echo "<table cellpadding=0 border=0 cellspacing ='5' width='390' height='75'><tr>";
echo "<tr>";
echo "<td><b><u>$nameposter</u></b><br/><br/><div style='overflow:auto; height:75px; width:390px;'>$message</div><br/><img src='images/line.png' width='390' height='5'></td>";
echo "</tr>";
echo "</table>";
include("footer.php");
include("reply.php");
}
}
}
}
}
?>
Re: [php] Form returning wrong value
($nameposter == pieman || $nameposter = Pieman || $nameposter = PIEMAN)
change = to ==
Re: [php] Form returning wrong value
I would do a string to upper/lower when running comparisons for usernames. Usually better that way ^_^
You have to do it both ways though the sql data and the input data.
Yah and by setting it as = you're changing the value to PIEMAN (since it's last in the sequence) and it will automatically return true since the type cast is correct for it.
=Edit=
lolz, I didn't notice that they weren't in quotes ^_^ my bad lol
Re: [php] Form returning wrong value
Noob :P
Strings have to be surrounded by quotes, you should've known that by now ^^. And use double = if you want to compare two values.
So it should be:
if ($nameposter == 'pieman' || $nameposter == 'Pieman' || $nameposter == 'PIEMAN')
Or even better:
if (ereg('p(i|1)(e|3)m(a|4)n', $nameposter))
This will get rid of any combination containing the word pieman, even if some characters are upper. It will also block names like 'p1eman' or 'IZ TZAH PIEM4n!'.
Look for regular expressions for more info on this.
Re: [php] Form returning wrong value
Shit I really should've knew that. But hey, ajax lost and I was tired. So I think that is an acceptable excuse. :tongue: