Jump to content

Recommended Posts

hi,

 

am having some trouble when comparing email addresses.  i have my code all worked out and is working as long as i used a username or surname, however i am wanting to put in an email address.

 

I have echoed the email addy stored in the database and then copied that into my form exactly and yet when i compare the too, the result tells me there are no valid accounts. I know that too be untrue.

 

Am i missing something simple or is all this just mad?

 

mysql_select_db("db0274148",$dbServer);
            $sql = "SELECT * FROM users WHERE username=\"". $_POST["myEmail"]."\"";
       	   $queryResult=mysql_query($sql);
       	   
       	
       	     
      // If = $queryResult equals nothing then there are no users listed with that username
      // Else send an email to the registered email address held in the database with the correct password
      
      if (mysql_num_rows($queryResult)==0)
       {
       	echo"Sorry there are no accounts with that username<br>";
       	echo ("<br><a href=\"forgotuser.html\">Enter Username again ?</a><br>");
       	echo ("<br><a href=\"homepage.php\">Return to the Homepage</a>");
       }

Link to comment
https://forums.phpfreaks.com/topic/134263-solved-help-comparing-strings/
Share on other sites

Firstly. Never used un-sanitised data within your queries.

 

Does your username field contain email addresses? Are you trimming the submitted data before trying to make the comparison? eg;

 

$email = mysql_real_escape_string(trim($_POST['myEmail']));
$sql = "SELECT * FROM users WHERE username='$email'";

Ahhhh

 

thanks for that, of course i needed to change the field and no i had not trimmed !

 

erm while i am on a thought just occurred to me.  If a new member registers and has an irish name like o'rouke would mysql throw it's teddys out the cot ?

Ahhhh

 

thanks for that, of course i needed to change the field and no i had not trimmed !

 

erm while i am on a thought just occurred to me.  If a new member registers and has an irish name like o'rouke would mysql throw it's teddys out the cot ?

 

As long as you always use mysql_real_escape_string to escape strings in your queries you should have no problems.

To make it safe to print on screen (if he does later , saves him doing so) and to stop it from affecting the query (although i think mysql_real_escape_string(); might stop that.

 

Data should be stored in its raw format IMO. If you need to format it for the web, do so when displaying it for the web, not before storing it.

@thorpe, that is just a matter of opinion.

 

You think so? What if your client (lets pretend) turns around and decides that they want to use the same user database for an in house desktop application that your using for your web application (it does happen)? Doing it your way meens your original data is currupted / difficult to use.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.