Captcha for php/MySQL

[lwharding]

Help! I am in desperate need of some advice on how to create a catpcha for an insert form that I am currently using.  I have managed to create both a CAPTCHA and an INSERT form separately both of which work fine. Problem I have is that I cannot work out how to join the two together.

The CAPTCHA displays either the success or failure notice using an IF statement, the problem i have is that I am not sure how I can change the success IF statement to and INSERT command.

Hope this makes sense.

Luke

[wildteen88]

Just do this:
[code]if($captha == something)
{
    // place insert code here if captha is correct
}
else
{
    //place error message here if captha is incorrect
}[/code]

[lwharding]

I am aware of what the if statement would look like, the problem is when using an INSERT command within the success the page does not even display.

for example

======================

if($captha == something)
{
SUCCESS then INSERT the record into 'My Table'  // place insert code here if captha is correct
}
else
{
FAILURE "Please re-enter captcha"    //place error message here if captha is incorrect
}

[wildteen88]

It'll only display something if you tell it to. If its just the insert command then nothing will show. Heres an example:
[code]f($captha == something)
{
    // connect to db here

    //setup query:
    $sql = "INSERT INTO table_name SET col_name=some_val, col2_name=some_val";
    $result = mysql_query($result);
   
    // check that the query was successful:
    if($result) {
        echo "Update was successful";
    } else {
        echo "Query failed" . mysql_errror());
    }
}
else
{
    echo "Please re-enter captcha";
}[/code]

[lwharding]

I have attempted as you have kindly suggested but cannot figure out what i am doing wrong, code is below.


[code]if($word_ok!==false)
{
if($word_ok=="yes")
// connect to db here
require_once('../../../Connections/mysql.php');

    //setup query:
    $sql = "INSERT INTO test Name=$_POST['Name'], Title=$_POST['Title']";
    $result = mysql_query($result);

    // check that the query was successful:
    if($result) {
        echo "Update was successful";
    } else {
        echo "Query failed" . mysql_errror());
    }

else {
echo "sorry, that's not the right word, try again.<br />";
}
}
[/code]

[Aftek]

it strange how you wrote this.. im not an expert.. but maybe what i know is enough to help you there.

[quote]
[code]
<?php
    if($word_ok!==false)
?>
[/code]
[/quote]
first of all !== is unknown to me... ( sorry i checked and it is available as a PHP operator... so !== isnt wrong)
it is either != for 'is different from' or == for 'is equal to'
Now if you use booleans, you dont even need to use them..
you can simply use
[code]
<?php
$isValid;

//then use a function to validate your $word_ok
// a function that returns false in case of errors, true ( or anything else) if no error encountered.
$isValid = validate_my_string ($word_ok);

//now if $isValid == false
if (!$isValid)
{
    echo "$word_ok is invalid";
}
// else means $isValid is anything else but false..
// so if needed you function can return something else than true ( like an array, an object, a value or a variable)
else
{
    echo "$Thanks you, $word_ok has been validated";
}


//you can also have your function to create an array and return it at the end..
//during the validation if necessary add entries to it, i usually name $errors and use $errors ['where is happens'] = "err_msg";
function validate ()
{
    //first create an empty array
    $errors = array();

  // do your validation and if there is an error add it to $errors

    if (empty($_POST['username']) || $_POST['username'] == "") $errors['username'] == "blank username";
    if (empty($_POST['password']) || $_POST['password'] == "") $errors['password'] == "blank password";

    //once it is done just return $errors array
    return $errors;
}

//then you can have a page looking like

//validate and get the array
$validation = validate ();

if (empty ($validation)) echo "the error array is empty... which means you pass thru my validation, congrats, lol";
//else means there has been an error somewhere
else
{
    echo "the following errors where found<br />";
    echo "<ul>";
    // foreach will do this for every entries in our error array. I'm putting it in unordered list, 100%optional
    foreach ($validation as $whereIsError => $error_msg)
    {
        echo "<li>$whereIsError - $error_msg</li>";
    }
    echo "</ul>";
}


[/code]




[quote]"INSERT INTO test Name=$_POST['Name'], Title=$_POST['Title']";[/quote]
try either
[code]<?php
$sql = "INSERT INTO test Name='{$_POST['Name']}', Title='{$_POST['Title']}'";[/code]
or
[code]<?php
$sql = "INSERT INTO test Name='" . $_POST['Name'] . "', Title='" . $_POST['Title'] . "'";[/code]
Im am even farther to being a mysql expert, but shouldnt it be
"INSERT INTO table_name ( column_name1, column_name3,..) VALUES ( '$value1', '$value3',..)"


alright, im saying it again, im not an expert , far from it unfortunatly..
but in the meantime i'd love someone to correct me here if there's any mistake

still hope it helps though :)