[SOLVED] Need help with some if/else conditions

[rrmosby]

I have a few questions, pertaining to a script I'm trying to write in PHP. I am a bit of a newb so I don't understand techno-talk, but I'll try and keep up if any respond.

 

Here's the situation: I'm doing this page where people can insert information into the database. Because it's public, the information goes into another table than the real one, so that I can be a moderator and approve the information. Also, I log the contributor's IP address into the table, so that if they try to abuse the page, I can IP ban them.

 

When they click the Submit button, I have a few if statements that the information has to go through in order to succeed.

 

This is what I'm going for (in essence):

 

if (!is_numeric($ID) || or contains hyphens || or contains periods || matches ID from real table || matches ID from temp table)

 

1. I want the ID to be only numbers--if it's not, they get an error telling them it has to be. The problem with is_numeric is they could put a negative number or a decimal for an ID and the script will accept it, so I thought I could ask the if statement to also check if there's hyphens or periods.

2. I also want it to check to see if the ID is already listed in the temp table this will be going into.

3. I also want it to check and see if the ID is already listed in another table in the same database.

 

Anyone have any ideas?

[waynew]

$select = mysql_query("SELECT id FROM exampletable WHERE id = '$id_that_you_are_testing'") or die(mysql_error());
if(mysql_num_rows($select) > 0){
   echo "Exists";
}

 

Also is_numeric returns a 1 if the value is numeric and a -1 if it isn't.

 

Hope that helped a little bit. I'm a tiny bit drunk.

[rrmosby]

If they put a -1029872 or a 1972.982 it doesn't trigger the !is_numeric error message (like "19872asdf8" would). I'm going to implement the code you gave me (thank you!) now.

[waynew]

That's because -1029872 is numeric.

[waynew]

If you're wanting to keep it a positive number, just have an if that states $number must be > than 0 or -1.

[rrmosby]

Oh! I hadn't thought of that, excellent! What about for decimals and how to prevent them?

[rrmosby]

I want the user to know that what they're trying to do isn't going to be accepted (rather than the script just replacing unallowed characters and the user thinking it's been entered successfully as is). I want to prevent abuse more this way, and make sure more of the things entered are legit (which I have to manually confirm later, but this process helps narrow things down).

 

I'm not sure if I should be using something that can detect any periods, or if there's something I can tack on to $ID (like example($ID)) that will ensure that this is a whole number, no decimals involved. The $ID > 0 works well to ensure that it's not a negative, but it wouldn't be the same with decimals (2.5 > 0).

[rrmosby]

I'm just going to go with if (!is_int($ID) || ($ID) < 0). Thank you.