sudsy1970 Posted November 25, 2008 Share Posted November 25, 2008 hi, am having some trouble when comparing email addresses. i have my code all worked out and is working as long as i used a username or surname, however i am wanting to put in an email address. I have echoed the email addy stored in the database and then copied that into my form exactly and yet when i compare the too, the result tells me there are no valid accounts. I know that too be untrue. Am i missing something simple or is all this just mad? mysql_select_db("db0274148",$dbServer); $sql = "SELECT * FROM users WHERE username=\"". $_POST["myEmail"]."\""; $queryResult=mysql_query($sql); // If = $queryResult equals nothing then there are no users listed with that username // Else send an email to the registered email address held in the database with the correct password if (mysql_num_rows($queryResult)==0) { echo"Sorry there are no accounts with that username<br>"; echo ("<br><a href=\"forgotuser.html\">Enter Username again ?</a><br>"); echo ("<br><a href=\"homepage.php\">Return to the Homepage</a>"); } Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/ Share on other sites More sharing options...
revraz Posted November 25, 2008 Share Posted November 25, 2008 See if this works better $sql = "SELECT * FROM users WHERE username= '{$_POST['myEmail']}'"; If not, echo $sql and see what it shows. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698927 Share on other sites More sharing options...
trq Posted November 25, 2008 Share Posted November 25, 2008 Firstly. Never used un-sanitised data within your queries. Does your username field contain email addresses? Are you trimming the submitted data before trying to make the comparison? eg; $email = mysql_real_escape_string(trim($_POST['myEmail'])); $sql = "SELECT * FROM users WHERE username='$email'"; Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698929 Share on other sites More sharing options...
sudsy1970 Posted November 25, 2008 Author Share Posted November 25, 2008 Ahhhh thanks for that, of course i needed to change the field and no i had not trimmed ! erm while i am on a thought just occurred to me. If a new member registers and has an irish name like o'rouke would mysql throw it's teddys out the cot ? Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698935 Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 Use htmlentities(); first Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698937 Share on other sites More sharing options...
trq Posted November 25, 2008 Share Posted November 25, 2008 Use htmlentities(); first No. Data needs to be escaped, not modified. Use mysql_real_escape_string. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698940 Share on other sites More sharing options...
flyhoney Posted November 25, 2008 Share Posted November 25, 2008 Ahhhh thanks for that, of course i needed to change the field and no i had not trimmed ! erm while i am on a thought just occurred to me. If a new member registers and has an irish name like o'rouke would mysql throw it's teddys out the cot ? As long as you always use mysql_real_escape_string to escape strings in your queries you should have no problems. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698941 Share on other sites More sharing options...
sudsy1970 Posted November 25, 2008 Author Share Posted November 25, 2008 cool thanks guys your the best Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698946 Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 @thorpe, I said first not instead. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698948 Share on other sites More sharing options...
trq Posted November 25, 2008 Share Posted November 25, 2008 @thorpe, I said first not instead. Still, why modify the data? Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698968 Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 To make it safe to print on screen (if he does later , saves him doing so) and to stop it from affecting the query (although i think mysql_real_escape_string(); might stop that. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698969 Share on other sites More sharing options...
trq Posted November 25, 2008 Share Posted November 25, 2008 To make it safe to print on screen (if he does later , saves him doing so) and to stop it from affecting the query (although i think mysql_real_escape_string(); might stop that. Data should be stored in its raw format IMO. If you need to format it for the web, do so when displaying it for the web, not before storing it. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698976 Share on other sites More sharing options...
flyhoney Posted November 25, 2008 Share Posted November 25, 2008 Unless you are 100% sure you don't want HTML in the string. Its often smart to use strip_tags to avoid XSS and the like. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698978 Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 @thorpe, that is just a matter of opinion. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698979 Share on other sites More sharing options...
trq Posted November 25, 2008 Share Posted November 25, 2008 @thorpe, that is just a matter of opinion. You think so? What if your client (lets pretend) turns around and decides that they want to use the same user database for an in house desktop application that your using for your web application (it does happen)? Doing it your way meens your original data is currupted / difficult to use. Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698983 Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 Hmm, i suppose lucky it hasn't happened to me yet and that i don't modify it before i put it in (much) Quote Link to comment https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/#findComment-698991 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.