IF statement help \=

[Minimeallolla]

im trying to make it so before it inserts the comment and username into the database it check if the username is active: 0 or 1. if it is 0 then die but if active then its all good lol. what i have now lets anybody comment. to me it looks perfect ? =[

 

 

if (isset($_POST['submit'])) {

$check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 != 1) {
	 die('You are Not allowed to comment untill your account is activated.');
}else{


$comment = mysql_real_escape_string(stripslashes(trim($_POST['comment'])));

$insert = "INSERT INTO homecomments (username, comment)
VALUES ('[$username]', '[$comment]')";

$add_member = mysql_query($insert);
{
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
  }
}
} 

[seanlim]

$check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error());

 

this line should be changed to include the username. you will want the database to fetch only the record of the username if it is active.

 

your current statement will fetch ALL records with active='1'

 

if you are using sessions for the login, it'll be something along the lines of:

 

$check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='".mysql_real_escape_string($_SESSION['username'])."'") or die(mysql_error());