Jump to content

IF statement help \=


Minimeallolla

Recommended Posts

im trying to make it so before it inserts the comment and username into the database it check if the username is active: 0 or 1. if it is 0 then die but if active then its all good lol. what i have now lets anybody comment. to me it looks perfect ? =[

 

 

if (isset($_POST['submit'])) {

$check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 != 1) {
	 die('You are Not allowed to comment untill your account is activated.');
}else{


$comment = mysql_real_escape_string(stripslashes(trim($_POST['comment'])));

$insert = "INSERT INTO homecomments (username, comment)
VALUES ('[$username]', '[$comment]')";

$add_member = mysql_query($insert);
{
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
  }
}
} 

Link to comment
Share on other sites

$check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error());

 

this line should be changed to include the username. you will want the database to fetch only the record of the username if it is active.

 

your current statement will fetch ALL records with active='1'

 

if you are using sessions for the login, it'll be something along the lines of:

 

$check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='".mysql_real_escape_string($_SESSION['username'])."'") or die(mysql_error());

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.